!11 openssl版本升级

Merge pull request !11 from HJ/0810

!11 openssl版本升级
Merge pull request !11 from HJ/0810
23719187 · openharmony_ci · Gitee · 9124054d · 0b759159 · 23719187
1000 changed file
--- a/ACKNOWLEDGEMENTS
+++ b/ACKNOWLEDGEMENTS
--- a/AUTHORS
+++ b/AUTHORS
@@ -13,6 +13,8 @@ Ben Kaduk
 Bernd Edlinger
 Bodo Möller
 David Benjamin
+David von Oheimb
+Dmitry Belyavskiy (Дмитрий Белявский)
 Emilia Käsper
 Eric Young
 Geoff Thorpe
@@ -22,14 +24,19 @@ Lutz Jänicke
 Mark J. Cox
 Matt Caswell
 Matthias St. Pierre
+Nicola Tuveri
 Nils Larsch
+Patrick Steuer
 Paul Dale
 Paul C. Sutton
+Paul Yang
 Ralf S. Engelschall
 Rich Salz
 Richard Levitte
+Shane Lontis
 Stephen Henson
 Steve Marquess
 Tim Hudson
+Tomáš Mráz
 Ulf Möller
 Viktor Dukhovni
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -4,7 +4,6 @@ import("//build/ohos.gni")
 # Only use this to set/unset some cflags, use "platform" variable in gn template to add
 # source code for Windows.
-use_mingw_win = "${current_os}_${current_cpu}" == "mingw_x86_64"
 config("crypto_config") {
  include_dirs = [
@@ -37,7 +36,7 @@ config("crypto_config") {
    "-DOPENSSL_NO_RIPEMD",
    "-DOPENSSL_NO_RMD160",
  ]
-  if (target_cpu == "arm" && !use_mingw_win && host_os != "mac") {
+  if (current_cpu == "arm" && !(current_os == "linux" || host_os == "mac")) {
    cflags += [
      "-DOPENSSL_CPUID_OBJ",
      "-DOPENSSL_BN_ASM_MONT",
@@ -52,7 +51,8 @@ config("crypto_config") {
      "-DECP_NISTZ256_ASM",
      "-DPOLY1305_ASM",
    ]
-  } else if (target_cpu == "arm64" && !use_mingw_win && host_os != "mac") {
+  } else if (current_cpu == "arm64" &&
+             !(current_os == "linux" || host_os == "mac")) {
    cflags += [
      "-DOPENSSL_CPUID_OBJ",
      "-DOPENSSL_BN_ASM_MONT",
@@ -64,7 +64,7 @@ config("crypto_config") {
      "-DECP_NISTZ256_ASM",
      "-DPOLY1305_ASM",
    ]
-  } else if (use_mingw_win) {
+  } else if (is_mingw) {
    cflags -= [
      "-fPIC",
      "-DOPENSSL_NO_BF",
@@ -89,8 +89,7 @@ config("crypto_config") {
      "-Wno-sign-compare",
      "-Wno-incompatible-pointer-types",
    ]
-    defines = [ "WINDOWS_PLATFORM" ]
+  } else if (current_os == "linux" || host_os == "mac") {
-  } else if (host_os == "mac") {
    cflags -= [
      "-DOPENSSL_NO_BF",
      "-DOPENSSL_NO_CAMELLIA",
@@ -99,6 +98,9 @@ config("crypto_config") {
      "-DOPENSSL_NO_RC2",
      "-DOPENSSL_NO_RMD160",
    ]
+    if (current_os == "linux") {
+      cflags += [ "-m64" ]
+    }
    cflags += [
      "-DL_ENDIAN",
      "-D_REENTRAN",
@@ -106,7 +108,6 @@ config("crypto_config") {
      "-MF",
      "-c",
    ]
-    defines = [ "MAC_PLATFORM" ]
  } else {
    cflags += [ "-DOPENSSL_NO_ASM" ]
  }
@@ -115,8 +116,15 @@ config("crypto_config") {
 config("crypto_config_public") {
  include_dirs = [ "./include" ]
-  if (target_cpu == "arm") {
+  if (current_cpu == "arm" && !(current_os == "linux" || host_os == "mac")) {
-    cflags = [ "-DCPU_ARM32" ]
+    cflags = [ "-DOPENSSL_ARM_PLATFORM" ]
+  } else if (current_cpu == "arm64" &&
+             !(current_os == "linux" || host_os == "mac")) {
+    cflags = [ "-DOPENSSL_ARM64_PLATFORM" ]
+  } else if (is_mingw) {
+    cflags = [ "-DWINDOWS_PLATFORM" ]
+  } else if (current_os == "linux" || host_os == "mac") {
+    cflags = [ "-DMAC_PLATFORM" ]
  }
 }
@@ -723,7 +731,7 @@ ohos_source_set("crypto_source") {
    "crypto/x509v3/v3err.c",
  ]
-  if (target_cpu == "arm" && !use_mingw_win && host_os != "mac") {
+  if (current_cpu == "arm" && !(current_os == "linux" || host_os == "mac")) {
    sources += [
      "crypto/aes/asm/arm32/aes-armv4.S",
      "crypto/aes/asm/arm32/aesv8-armx.S",
@@ -743,7 +751,8 @@ ohos_source_set("crypto_source") {
      "crypto/sha/sha256-armv4.S",
      "crypto/sha/sha512-armv4.S",
    ]
-  } else if (target_cpu == "arm64" && !use_mingw_win && host_os != "mac") {
+  } else if (current_cpu == "arm64" &&
+             !(current_os == "linux" || host_os == "mac")) {
    sources += [
      "crypto/aes/aes_core.c",
      "crypto/aes/asm/arm64/aesv8-armx.S",
@@ -761,7 +770,7 @@ ohos_source_set("crypto_source") {
      "crypto/sha/sha256-armv8.S",
      "crypto/sha/sha512-armv8.S",
    ]
-  } else if (use_mingw_win || host_os == "mac") {
+  } else if (is_mingw || (current_os == "linux" || host_os == "mac")) {
    sources += [
      "crypto/aes/aes_core.c",
      "crypto/bf/bf_cfb64.c",
@@ -802,7 +811,7 @@ ohos_source_set("crypto_source") {
      "crypto/ripemd/rmd_one.c",
      "crypto/sha/keccak1600.c",
    ]
-    if (use_mingw_win) {
+    if (is_mingw) {
      sources -= [
        "crypto/idea/i_cbc.c",
        "crypto/idea/i_cfb64.c",
@@ -822,10 +831,9 @@ ohos_source_set("crypto_source") {
    ]
  }
-  configs = [
+  configs = [ ":crypto_config" ]
-    ":crypto_config",
-    ":crypto_config_public",
+  public_configs = [ ":crypto_config_public" ]
-  ]
  remove_configs = [ "//build/config/coverage:default_coverage" ]
 }
@@ -868,7 +876,11 @@ config("ssl_config") {
    "-DOPENSSL_NO_SSL3_METHOD",
  ]
-  if (use_mingw_win) {
+  if (current_cpu == "arm" && host_os != "mac") {
+    cflags += [ "-DOPENSSL_ARM_PLATFORM" ]
+  } else if (current_cpu == "arm64" && host_os != "mac") {
+    cflags += [ "-DOPENSSL_ARM64_PLATFORM" ]
+  } else if (is_mingw) {
    cflags -= [ "-fPIC" ]
    cflags += [
      "-m64",
@@ -947,6 +959,7 @@ ohos_source_set("ssl_source") {
    "ssl/tls_srp.c",
  ]
-  configs = [ ":ssl_config" ]
+  public_configs = [ ":ssl_config" ]
  remove_configs = [ "//build/config/coverage:default_coverage" ]
 }
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,171 @@
 https://github.com/openssl/openssl/commits/ and pick the appropriate
 release branch.
+ Changes between 1.1.1j and 1.1.1k [25 Mar 2021]
+  *) Fixed a problem with verifying a certificate chain when using the
+     X509_V_FLAG_X509_STRICT flag. This flag enables additional security checks
+     of the certificates present in a certificate chain. It is not set by
+     default.
+     Starting from OpenSSL version 1.1.1h a check to disallow certificates in
+     the chain that have explicitly encoded elliptic curve parameters was added
+     as an additional strict check.
+     An error in the implementation of this check meant that the result of a
+     previous check to confirm that certificates in the chain are valid CA
+     certificates was overwritten. This effectively bypasses the check
+     that non-CA certificates must not be able to issue other certificates.
+     If a "purpose" has been configured then there is a subsequent opportunity
+     for checks that the certificate is a valid CA.  All of the named "purpose"
+     values implemented in libcrypto perform this check.  Therefore, where
+     a purpose is set the certificate chain will still be rejected even when the
+     strict flag has been used. A purpose is set by default in libssl client and
+     server certificate verification routines, but it can be overridden or
+     removed by an application.
+     In order to be affected, an application must explicitly set the
+     X509_V_FLAG_X509_STRICT verification flag and either not set a purpose
+     for the certificate verification or, in the case of TLS client or server
+     applications, override the default purpose.
+     (CVE-2021-3450)
+     [Tomáš Mráz]
+  *) Fixed an issue where an OpenSSL TLS server may crash if sent a maliciously
+     crafted renegotiation ClientHello message from a client. If a TLSv1.2
+     renegotiation ClientHello omits the signature_algorithms extension (where
+     it was present in the initial ClientHello), but includes a
+     signature_algorithms_cert extension then a NULL pointer dereference will
+     result, leading to a crash and a denial of service attack.
+     A server is only vulnerable if it has TLSv1.2 and renegotiation enabled
+     (which is the default configuration). OpenSSL TLS clients are not impacted
+     by this issue.
+     (CVE-2021-3449)
+     [Peter Kästle and Samuel Sapalski]
+ Changes between 1.1.1i and 1.1.1j [16 Feb 2021]
+  *) Fixed the X509_issuer_and_serial_hash() function. It attempts to
+     create a unique hash value based on the issuer and serial number data
+     contained within an X509 certificate. However it was failing to correctly
+     handle any errors that may occur while parsing the issuer field (which might
+     occur if the issuer field is maliciously constructed). This may subsequently
+     result in a NULL pointer deref and a crash leading to a potential denial of
+     service attack.
+     (CVE-2021-23841)
+     [Matt Caswell]
+  *) Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING
+     padding mode to correctly check for rollback attacks. This is considered a
+     bug in OpenSSL 1.1.1 because it does not support SSLv2. In 1.0.2 this is
+     CVE-2021-23839.
+     [Matt Caswell]
+  *) Fixed the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate
+     functions. Previously they could overflow the output length argument in some
+     cases where the input length is close to the maximum permissable length for
+     an integer on the platform. In such cases the return value from the function
+     call would be 1 (indicating success), but the output length value would be
+     negative. This could cause applications to behave incorrectly or crash.
+     (CVE-2021-23840)
+     [Matt Caswell]
+  *) Fixed SRP_Calc_client_key so that it runs in constant time. The previous
+     implementation called BN_mod_exp without setting BN_FLG_CONSTTIME. This
+     could be exploited in a side channel attack to recover the password. Since
+     the attack is local host only this is outside of the current OpenSSL
+     threat model and therefore no CVE is assigned.
+     Thanks to Mohammed Sabt and Daniel De Almeida Braga for reporting this
+     issue.
+     [Matt Caswell]
+ Changes between 1.1.1h and 1.1.1i [8 Dec 2020]
+  *) Fixed NULL pointer deref in the GENERAL_NAME_cmp function
+     This function could crash if both GENERAL_NAMEs contain an EDIPARTYNAME.
+     If an attacker can control both items being compared  then this could lead
+     to a possible denial of service attack. OpenSSL itself uses the
+     GENERAL_NAME_cmp function for two purposes:
+     1) Comparing CRL distribution point names between an available CRL and a
+        CRL distribution point embedded in an X509 certificate
+     2) When verifying that a timestamp response token signer matches the
+        timestamp authority name (exposed via the API functions
+        TS_RESP_verify_response and TS_RESP_verify_token)
+     (CVE-2020-1971)
+     [Matt Caswell]
+  *) Add support for Apple Silicon M1 Macs with the darwin64-arm64-cc target.
+     [Stuart Carnie]
+  *) The security callback, which can be customised by application code, supports
+     the security operation SSL_SECOP_TMP_DH. This is defined to take an EVP_PKEY
+     in the "other" parameter. In most places this is what is passed. All these
+     places occur server side. However there was one client side call of this
+     security operation and it passed a DH object instead. This is incorrect
+     according to the definition of SSL_SECOP_TMP_DH, and is inconsistent with all
+     of the other locations. Therefore this client side call has been changed to
+     pass an EVP_PKEY instead.
+     [Matt Caswell]
+  *) In 1.1.1h, an expired trusted (root) certificate was not anymore rejected
+     when validating a certificate path. This check is restored in 1.1.1i.
+     [David von Oheimb]
+ Changes between 1.1.1g and 1.1.1h [22 Sep 2020]
+  *) Certificates with explicit curve parameters are now disallowed in
+     verification chains if the X509_V_FLAG_X509_STRICT flag is used.
+     [Tomas Mraz]
+  *) The 'MinProtocol' and 'MaxProtocol' configuration commands now silently
+     ignore TLS protocol version bounds when configuring DTLS-based contexts, and
+     conversely, silently ignore DTLS protocol version bounds when configuring
+     TLS-based contexts.  The commands can be repeated to set bounds of both
+     types.  The same applies with the corresponding "min_protocol" and
+     "max_protocol" command-line switches, in case some application uses both TLS
+     and DTLS.
+     SSL_CTX instances that are created for a fixed protocol version (e.g.
+     TLSv1_server_method()) also silently ignore version bounds.  Previously
+     attempts to apply bounds to these protocol versions would result in an
+     error.  Now only the "version-flexible" SSL_CTX instances are subject to
+     limits in configuration files in command-line options.
+     [Viktor Dukhovni]
+  *) Handshake now fails if Extended Master Secret extension is dropped
+     on renegotiation.
+     [Tomas Mraz]
+  *) Accidentally, an expired trusted (root) certificate is not anymore rejected
+     when validating a certificate path.
+     [David von Oheimb]
+  *) The Oracle Developer Studio compiler will start reporting deprecated APIs
+ Changes between 1.1.1f and 1.1.1g [21 Apr 2020]
+  *) Fixed segmentation fault in SSL_check_chain()
+     Server or client applications that call the SSL_check_chain() function
+     during or after a TLS 1.3 handshake may crash due to a NULL pointer
+     dereference as a result of incorrect handling of the
+     "signature_algorithms_cert" TLS extension. The crash occurs if an invalid
+     or unrecognised signature algorithm is received from the peer. This could
+     be exploited by a malicious peer in a Denial of Service attack.
+     (CVE-2020-1967)
+     [Benjamin Kaduk]
+  *) Added AES consttime code for no-asm configurations
+     an optional constant time support for AES was added
+     when building openssl for no-asm.
+     Enable with: ./config no-asm -DOPENSSL_AES_CONST_TIME
+     Disable with: ./config no-asm -DOPENSSL_NO_AES_CONST_TIME
+     At this time this feature is by default disabled.
+     It will be enabled by default in 3.0.
+     [Bernd Edlinger]
 Changes between 1.1.1e and 1.1.1f [31 Mar 2020]
  *) Revert the change of EOF detection while reading in libssl to avoid

--- a/CONTRIBUTING
+++ b/CONTRIBUTING
@@ -41,8 +41,8 @@ guidelines:
    https://www.openssl.org/policies/codingstyle.html) and compile
    without warnings. Where gcc or clang is available you should use the
    --strict-warnings Configure option.  OpenSSL compiles on many varied
-    platforms: try to ensure you only use portable features.  Clean builds
+    platforms: try to ensure you only use portable features.  Clean builds via
-    via Travis and AppVeyor are required, and they are started automatically
+    GitHub Actions and AppVeyor are required, and they are started automatically
    whenever a PR is created or updated.
    5.  When at all possible, patches should include tests. These can

--- a/Configurations/00-base-templates.conf
+++ b/Configurations/00-base-templates.conf
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -663,6 +663,7 @@ my %targets = (
    "linux-ppc" => {
        inherit_from     => [ "linux-generic32", asm("ppc32_asm") ],
        perlasm_scheme   => "linux32",
+        lib_cppflags     => add("-DB_ENDIAN"),
    },
    "linux-ppc64" => {
        inherit_from     => [ "linux-generic64", asm("ppc64_asm") ],
@@ -741,7 +742,7 @@ my %targets = (
        inherit_from     => [ "linux-generic32", asm("mips64_asm") ],
        cflags           => add("-mabi=n32"),
        cxxflags         => add("-mabi=n32"),
-        bn_ops           => "SIXTY_FOUR_BIT RC4_CHAR",
+        bn_ops           => "RC4_CHAR",
        perlasm_scheme   => "n32",
        multilib         => "32",
    },
@@ -1125,7 +1126,7 @@ my %targets = (
        CFLAGS           => picker(debug   => "-O0 -g",
                                   release => "-O"),
        cflags           => add(threads("-pthread")),
-        ex_libs          => threads("-pthread"),
+        ex_libs          => add(threads("-pthread")),
        bn_ops           => "BN_LLONG RC4_CHAR",
        perlasm_scheme   => "aix32",
        shared_ldflag    => add_before("-shared -static-libgcc"),
@@ -1138,7 +1139,7 @@ my %targets = (
        CFLAGS           => picker(debug   => "-O0 -g",
                                   release => "-O"),
        cflags           => combine("-maix64", threads("-pthread")),
-        ex_libs          => threads("-pthread"),
+        ex_libs          => add(threads("-pthread")),
        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
        perlasm_scheme   => "aix64",
        shared_ldflag    => add_before("-shared -static-libgcc"),
@@ -1154,7 +1155,7 @@ my %targets = (
        cflags           => combine("-q32 -qmaxmem=16384 -qro -qroconst",
                                    threads("-qthreaded")),
        cppflags         => threads("-D_THREAD_SAFE"),
-        ex_libs          => threads("-lpthreads"),
+        ex_libs          => add(threads("-lpthreads")),
        bn_ops           => "BN_LLONG RC4_CHAR",
        perlasm_scheme   => "aix32",
        shared_cflag     => "-qpic",
@@ -1169,7 +1170,7 @@ my %targets = (
        cflags           => combine("-q64 -qmaxmem=16384 -qro -qroconst",
                                    threads("-qthreaded")),
        cppflags         => threads("-D_THREAD_SAFE"),
-        ex_libs          => threads("-lpthreads"),
+        ex_libs          => add(threads("-lpthreads")),
        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
        perlasm_scheme   => "aix64",
        dso_scheme       => "dlfcn",
@@ -1365,9 +1366,9 @@ my %targets = (
            }
            push @ex_libs, '$(PORTSDK_LIBPATH)/portlib.lib'
                if (defined(env('PORTSDK_LIBPATH')));
-            push @ex_libs, ' /nodefaultlib coredll.lib corelibc.lib'
+            push @ex_libs, '/nodefaultlib coredll.lib corelibc.lib'
-                if (env('TARGETCPU') eq "X86");
+                if (env('TARGETCPU') =~ /^X86|^ARMV4[IT]/);
-            return @ex_libs;
+            return join(" ", @ex_libs);
        }),
    },
@@ -1557,6 +1558,14 @@ my %targets = (
        bn_ops           => "SIXTY_FOUR_BIT_LONG",
        perlasm_scheme   => "macosx",
    },
+    "darwin64-arm64-cc" => {
+        inherit_from     => [ "darwin-common", asm("aarch64_asm") ],
+        CFLAGS           => add("-Wall"),
+        cflags           => add("-arch arm64"),
+        lib_cppflags     => add("-DL_ENDIAN"),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        perlasm_scheme   => "ios64",
+    },
 ##### GNU Hurd
    "hurd-x86" => {

--- a/Configurations/15-android.conf
+++ b/Configurations/15-android.conf
--- a/Configurations/15-ios.conf
+++ b/Configurations/15-ios.conf
--- a/Configurations/50-djgpp.conf
+++ b/Configurations/50-djgpp.conf
--- a/Configurations/50-haiku.conf
+++ b/Configurations/50-haiku.conf
--- a/Configurations/50-masm.conf
+++ b/Configurations/50-masm.conf
--- a/Configurations/50-win-onecore.conf
+++ b/Configurations/50-win-onecore.conf
--- a/Configurations/INTERNALS.Configure
+++ b/Configurations/INTERNALS.Configure
--- a/Configurations/README
+++ b/Configurations/README
--- a/Configurations/README.design
+++ b/Configurations/README.design
--- a/Configurations/common.tmpl
+++ b/Configurations/common.tmpl
--- a/Configurations/common0.tmpl
+++ b/Configurations/common0.tmpl
--- a/Configurations/descrip.mms.tmpl
+++ b/Configurations/descrip.mms.tmpl
@@ -377,8 +377,13 @@ NODEBUG=@
        $(NODEBUG) !
        $(NODEBUG) ! Installation logical names
        $(NODEBUG) !
-        $(NODEBUG) installtop = F$PARSE(staging_instdir,"$(INSTALLTOP)","[]A.;",,"SYNTAX_ONLY,NO_CONCEAL") - ".][000000" - "[000000." - "][" - "]A.;" + ".]"
+        $(NODEBUG) ! This also creates a few DCL variables that are used for
-        $(NODEBUG) datatop = F$PARSE(staging_datadir,"$(OPENSSLDIR)","[]A.;",,"SYNTAX_ONLY,NO_CONCEAL") - ".][000000" - "[000000." - "][" - "]A.;" + ".]"
+        $(NODEBUG) ! the "install_msg" target.
+        $(NODEBUG) !
+        $(NODEBUG) installroot = F$PARSE(staging_instdir,"$(INSTALLTOP)","[]A.;",,"SYNTAX_ONLY,NO_CONCEAL") - ".][000000" - "[000000." - "][" - "]A.;"
+        $(NODEBUG) installtop = installroot + ".]"
+        $(NODEBUG) dataroot = F$PARSE(staging_datadir,"$(OPENSSLDIR)","[]A.;",,"SYNTAX_ONLY,NO_CONCEAL") - ".][000000" - "[000000." - "][" - "]A.;"
+        $(NODEBUG) datatop = dataroot + ".]"
        $(NODEBUG) DEFINE ossl_installroot 'installtop'
        $(NODEBUG) DEFINE ossl_dataroot 'datatop'
        $(NODEBUG) !
@@ -455,30 +460,19 @@ list-tests :
        @ WRITE SYS$OUTPUT "Tests are not supported with your chosen Configure options"
        @ ! {- output_on() if !$disabled{tests}; "" -}
-install : install_sw install_ssldirs install_docs
+install : install_sw install_ssldirs install_docs install_msg
+        @ !
+install_msg :
        @ WRITE SYS$OUTPUT ""
        @ WRITE SYS$OUTPUT "######################################################################"
        @ WRITE SYS$OUTPUT ""
        @ IF "$(DESTDIR)" .EQS. "" THEN -
-             PIPE ( WRITE SYS$OUTPUT "Installation complete" ; -
+             @{- sourcefile("VMS", "msg_install.com") -} "$(SYSTARTUP)" "{- $osslver -}"
-                    WRITE SYS$OUTPUT "" ; -
-                    WRITE SYS$OUTPUT "Run @$(SYSTARTUP)openssl_startup{- $osslver -} to set up logical names" ; -
-                    WRITE SYS$OUTPUT "then run @$(SYSTARTUP)openssl_utils{- $osslver -} to define commands" ; -
-                    WRITE SYS$OUTPUT "" )
        @ IF "$(DESTDIR)" .NES. "" THEN -
-             PIPE ( WRITE SYS$OUTPUT "Staging installation complete" ; -
+             @{- sourcefile("VMS", "msg_staging.com") -} -
-                    WRITE SYS$OUTPUT "" ; -
+             "''installroot']" "''dataroot']" "$(INSTALLTOP)" "$(OPENSSLDIR)" -
-                    WRITE SYS$OUTPUT "Finish or package in such a way that the contents of the directory tree" ; -
+             "$(SYSTARTUP)" "{- $osslver -}"
-                    WRITE SYS$OUTPUT staging_instdir ; -
-                    WRITE SYS$OUTPUT "ends up in $(INSTALLTOP)," ; -
-                    WRITE SYS$OUTPUT "and that the contents of the contents of the directory tree" ; -
-                    WRITE SYS$OUTPUT staging_datadir ; -
-                    WRITE SYS$OUTPUT "ends up in $(OPENSSLDIR)" ; -
-                    WRITE SYS$OUTPUT "" ; -
-                    WRITE SYS$OUTPUT "When in its final destination," ; -
-                    WRITE SYS$OUTPUT "Run @$(SYSTARTUP)openssl_startup{- $osslver -} to set up logical names" ; -
-                    WRITE SYS$OUTPUT "then run @$(SYSTARTUP)openssl_utils{- $osslver -} to define commands" ; -
-                    WRITE SYS$OUTPUT "" )
 check_install :
        spawn/nolog @ossl_installroot:[SYSTEST]openssl_ivp{- $osslver -}.com

--- a/Configurations/shared-info.pl
+++ b/Configurations/shared-info.pl
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -917,8 +917,8 @@ errors:
          done )
 ordinals:
-	( b=`pwd`; cd $(SRCDIR); $(PERL) -I$$b util/mkdef.pl crypto update )
+	$(PERL) $(SRCDIR)/util/mkdef.pl crypto update
-	( b=`pwd`; cd $(SRCDIR); $(PERL) -I$$b util/mkdef.pl ssl update )
+	$(PERL) $(SRCDIR)/util/mkdef.pl ssl update
 test_ordinals:
 	( cd test; \

--- a/Configurations/unix-checker.pm
+++ b/Configurations/unix-checker.pm
--- a/Configurations/windows-checker.pm
+++ b/Configurations/windows-checker.pm
--- a/Configurations/windows-makefile.tmpl
+++ b/Configurations/windows-makefile.tmpl
@@ -211,8 +211,8 @@ CNF_CPPFLAGS={- our $cppfags2 =
                    join(' ', $target{cppflags} || (),
                              (map { '-D'.quotify1($_) } @{$target{defines}},
                                                         @{$config{defines}}),
-                              (map { '-I'.quotify1($_) } @{$target{includes}},
+                              (map { '-I'.'"'.$_.'"' } @{$target{includes}},
-                                                         @{$config{includes}}),
+                                                       @{$config{includes}}),
                              @{$config{cppflags}}) -}
 CNF_CFLAGS={- join(' ', $target{cflags} || (),
                        @{$config{cflags}}) -}

--- a/Configure
+++ b/Configure
 #! /usr/bin/env perl
 # -*- mode: perl; -*-
-# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -217,12 +217,22 @@ sub resolve_config;
 # Unified build supports separate build dir
 my $srcdir = catdir(absolutedir(dirname($0))); # catdir ensures local syntax
 my $blddir = catdir(absolutedir("."));         # catdir ensures local syntax
+# File::Spec::Unix doesn't detect case insensitivity, so we make sure to
+# check if the source and build directory are really the same, and make
+# them so.  This avoids all kinds of confusion later on.
+# We must check @File::Spec::ISA rather than using File::Spec->isa() to
+# know if File::Spec ended up loading File::Spec::Unix.
+$srcdir = $blddir
+    if (grep(/::Unix$/, @File::Spec::ISA)
+        && samedir($srcdir, $blddir));
 my $dofile = abs2rel(catfile($srcdir, "util/dofile.pl"));
 my $local_config_envname = 'OPENSSL_LOCAL_CONFIG_DIR';
-$config{sourcedir} = abs2rel($srcdir);
+$config{sourcedir} = abs2rel($srcdir, $blddir);
-$config{builddir} = abs2rel($blddir);
+$config{builddir} = abs2rel($blddir, $blddir);
 # Collect reconfiguration information if needed
 my @argvcopy=@ARGV;
@@ -1049,6 +1059,9 @@ if (scalar(@seed_sources) == 0) {
    print "Using os-specific seed configuration\n";
    push @seed_sources, 'os';
 }
+if (scalar(grep { $_ eq 'egd' } @seed_sources) > 0) {
+    delete $disabled{'egd'};
+}
 if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) {
    die "Cannot seed with none and anything else" if scalar(@seed_sources) > 1;
    warn <<_____ if scalar(@seed_sources) == 1;
@@ -1188,6 +1201,10 @@ foreach (keys %useradd) {
 # At this point, we can forget everything about %user and %useradd,
 # because it's now all been merged into the corresponding $config entry
+if (grep { $_ eq '-static' } @{$config{LDFLAGS}}) {
+    disable('static', 'pic', 'threads');
+}
 # Allow overriding the build file name
 $config{build_file} = env('BUILDFILE') || $target{build_file} || "Makefile";
@@ -1508,10 +1525,6 @@ if ($strict_warnings)
                }
        }
-if (grep { $_ eq '-static' } @{$config{LDFLAGS}}) {
-    disable('static', 'pic', 'threads');
-}
 $config{CFLAGS} = [ map { $_ eq '--ossl-strict-warnings'
                              ? @strict_warnings_collection
                              : ( $_ ) }
@@ -2598,19 +2611,22 @@ _____
        }
        print "\nEnabled features:\n\n";
        foreach my $what (@disablables) {
-            print "    $what\n" unless $disabled{$what};
+            print "    $what\n"
+                unless grep { $_ =~ /^${what}$/ } keys %disabled;
        }
        print "\nDisabled features:\n\n";
        foreach my $what (@disablables) {
-            if ($disabled{$what}) {
+            my @what2 = grep { $_ =~ /^${what}$/ } keys %disabled;
-                print "    $what", ' ' x ($longest - length($what) + 1),
+            my $what3 = $what2[0];
-                    "[$disabled{$what}]", ' ' x ($longest2 - length($disabled{$what}) + 1);
+            if ($what3) {
-                print $disabled_info{$what}->{macro}
+                print "    $what3", ' ' x ($longest - length($what3) + 1),
-                    if $disabled_info{$what}->{macro};
+                    "[$disabled{$what3}]", ' ' x ($longest2 - length($disabled{$what3}) + 1);
+                print $disabled_info{$what3}->{macro}
+                    if $disabled_info{$what3}->{macro};
                print ' (skip ',
-                    join(', ', @{$disabled_info{$what}->{skipped}}),
+                    join(', ', @{$disabled_info{$what3}->{skipped}}),
                    ')'
-                    if $disabled_info{$what}->{skipped};
+                    if $disabled_info{$what3}->{skipped};
                print "\n";
            }
        }
@@ -3424,6 +3440,27 @@ sub absolutedir {
    return realpath($dir);
 }
+# Check if all paths are one and the same, using stat.  They must both exist
+# We need this for the cases when File::Spec doesn't detect case insensitivity
+# (File::Spec::Unix assumes case sensitivity)
+sub samedir {
+    die "samedir expects two arguments\n" unless scalar @_ == 2;
+    my @stat0 = stat($_[0]);    # First argument
+    my @stat1 = stat($_[1]);    # Second argument
+    die "Couldn't stat $_[0]" unless @stat0;
+    die "Couldn't stat $_[1]" unless @stat1;
+    # Compare device number
+    return 0 unless ($stat0[0] == $stat1[0]);
+    # Compare "inode".  The perl manual recommends comparing as
+    # string rather than as number.
+    return 0 unless ($stat0[1] eq $stat1[1]);
+    return 1;                   # All the same
+}
 sub quotify {
    my %processors = (
        perl    => sub { my $x = shift;

--- a/FAQ
+++ b/FAQ
--- a/INSTALL
+++ b/INSTALL
@@ -106,8 +106,7 @@
 This will build and install OpenSSL in the default location, which is:
  Unix:    normal installation directories under /usr/local
-  OpenVMS: SYS$COMMON:[OPENSSL-'version'...], where 'version' is the
+  OpenVMS: SYS$COMMON:[OPENSSL]
-           OpenSSL version number with underscores instead of periods.
  Windows: C:\Program Files\OpenSSL or C:\Program Files (x86)\OpenSSL
 The installation directory should be appropriately protected to ensure
@@ -116,7 +115,9 @@
 your Operating System it is recommended that you do not overwrite the system
 version and instead install to somewhere else.
- If you want to install it anywhere else, run config like this:
+ If you want to install it anywhere else, run config like this (the options
+ --prefix and --openssldir are explained further down, and the values shown
+ here are mere examples):
  On Unix:
@@ -198,7 +199,7 @@
                   Unix:           /usr/local
                   Windows:        C:\Program Files\OpenSSL
                                or C:\Program Files (x86)\OpenSSL
-                   OpenVMS:        SYS$COMMON:[OPENSSL-'version']
+                   OpenVMS:        SYS$COMMON:[OPENSSL]
  --release
                   Build OpenSSL without debugging symbols. This is the default.
@@ -535,9 +536,9 @@
                   conjunction with the "-DPEDANTIC" option (or the
                   --strict-warnings option).
-  no-ui
+  no-ui-console
-                   Don't build with the "UI" capability (i.e. the set of
+                   Don't build with the "UI" console method (i.e. the "UI"
-                   features enabling text based prompts).
+                   method that enables text based console prompts).
  enable-unit-test
                   Enable additional unit test APIs. This should not typically
@@ -961,9 +962,9 @@
         share/doc/openssl/html/man7
                        Contains the HTML rendition of the man-pages.
-       OpenVMS ('arch' is replaced with the architecture name, "Alpha"
+       OpenVMS ('arch' is replaced with the architecture name, "ALPHA"
-       or "ia64", 'sover' is replaced with the shared library version
+       or "IA64", 'sover' is replaced with the shared library version
-       (0101 for 1.1), and 'pz' is replaced with the pointer size
+       (0101 for 1.1.x), and 'pz' is replaced with the pointer size
       OpenSSL was built with):
         [.EXE.'arch']  Contains the openssl binary.

--- a/LICENSE
+++ b/LICENSE
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,40 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.
+  Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021]
+      o Fixed a problem with verifying a certificate chain when using the
+        X509_V_FLAG_X509_STRICT flag (CVE-2021-3450)
+      o Fixed an issue where an OpenSSL TLS server may crash if sent a
+        maliciously crafted renegotiation ClientHello message from a client
+        (CVE-2021-3449)
+  Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [16 Feb 2021]
+      o Fixed a NULL pointer deref in the X509_issuer_and_serial_hash()
+        function (CVE-2021-23841)
+      o Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING
+        padding mode to correctly check for rollback attacks
+      o Fixed an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and
+        EVP_DecryptUpdate functions (CVE-2021-23840)
+      o Fixed SRP_Calc_client_key so that it runs in constant time
+  Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [8 Dec 2020]
+      o Fixed NULL pointer deref in GENERAL_NAME_cmp (CVE-2020-1971)
+  Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [22 Sep 2020]
+      o Disallow explicit curve parameters in verifications chains when
+        X509_V_FLAG_X509_STRICT is used
+      o Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS
+        contexts
+      o Oracle Developer Studio will start reporting deprecation warnings
+  Major changes between OpenSSL 1.1.1f and OpenSSL 1.1.1g [21 Apr 2020]
+      o Fixed segmentation fault in SSL_check_chain() (CVE-2020-1967)
  Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [31 Mar 2020]
      o Revert the unexpected EOF reporting via SSL_ERROR_SSL

--- a/NOTES.ANDROID
+++ b/NOTES.ANDROID
@@ -6,8 +6,8 @@
 -------------------
 Beside basic tools like perl and make you'll need to download the Android
- NDK. It's available for Linux, Mac OS X and Windows, but only Linux
+ NDK. It's available for Linux, macOS and Windows, but only Linux
- version was actually tested. There is no reason to believe that Mac OS X
+ version was actually tested. There is no reason to believe that macOS
 wouldn't work. And as for Windows, it's unclear which "shell" would be
 suitable, MSYS2 might have best chances. NDK version should play lesser
 role, the goal is to support a range of most recent versions.

--- a/NOTES.DJGPP
+++ b/NOTES.DJGPP
--- a/NOTES.PERL
+++ b/NOTES.PERL
@@ -109,7 +109,7 @@
        $ cpan -f -i Text::Template
-    Note: on VMS, you must quote any argument that contains upper case
+    Note: on VMS, you must quote any argument that contains uppercase
    characters, so the lines above would be:
        $ cpan -i "Text::Template"

--- a/NOTES.UNIX
+++ b/NOTES.UNIX
--- a/NOTES.VMS
+++ b/NOTES.VMS
@@ -18,7 +18,7 @@
 An ANSI C compiled is needed among other things.  This means that
 VAX C is not and will not be supported.
- We have only tested with DEC C (a.k.a HP VMS C / VSI C) and require
+ We have only tested with DEC C (aka HP VMS C / VSI C) and require
 version 7.1 or later.  Compiling with a different ANSI C compiler may
 require some work.
@@ -90,9 +90,9 @@
 Unix mount point.
 The easiest way to check if everything got through as it should is to
- check for one of the following files:
+ check that this file exists:
-   [.crypto]opensslconf^.h.in
+   [.include.openssl]opensslconf^.h.in
 The best way to get a correct distribution is to download the gzipped
 tar file from ftp://ftp.openssl.org/source/, use GZIP -d to uncompress
@@ -105,3 +105,11 @@
 Should you need it, you can find UnZip for VMS here:
   http://www.info-zip.org/UnZip.html
+ How the value of 'arch' is determined
+ -------------------------------------
+ 'arch' is mentioned in INSTALL.  It's value is determined like this:
+    arch = f$edit( f$getsyi( "arch_name"), "upcase")
--- a/NOTES.WIN
+++ b/NOTES.WIN
@@ -12,11 +12,11 @@
 and require --cross-compile-prefix option. While on MSYS[2] it's solved
 rather by placing gcc that produces "MinGW binary" code 1st on $PATH.
 This is customarily source of confusion. "Hosted" applications "live" in
- emulated file system name space with POSIX-y root, mount points, /dev
+ emulated filesystem name space with POSIX-y root, mount points, /dev
 and even /proc. Confusion is intensified by the fact that MSYS2 shell
 (or rather emulated execve(2) call) examines the binary it's about to
 start, and if it's found *not* to be linked with MSYS2 POSIX-y thing,
- command line arguments that look like file names get translated from
+ command line arguments that look like filenames get translated from
 emulated name space to "native". For example '/c/some/where' becomes
 'c:\some\where', '/dev/null' - 'nul'. This creates an illusion that
 there is no difference between MSYS2 shell and "MinGW binary", but
@@ -26,7 +26,7 @@
 it's referred to in quotes here, as "MinGW binary", it's just as
 "native" as it can get.)
- Visual C++ builds, a.k.a. VC-*
+ Visual C++ builds, aka VC-*
 ==============================
 Requirement details
@@ -47,7 +47,7 @@
   the other hand oldest one is known not to work. Everything between
   falls into best-effort category.
- - Netwide Assembler, a.k.a. NASM, available from https://www.nasm.us,
+ - Netwide Assembler, aka NASM, available from https://www.nasm.us,
   is required. Note that NASM is the only supported assembler. Even
   though Microsoft provided assembler is NOT supported, contemporary
   64-bit version is exercised through continuous integration of
@@ -62,8 +62,8 @@
 For VC-WIN32, the following defaults are use:
-     PREFIX:      %ProgramFiles(86)%\OpenSSL
+     PREFIX:      %ProgramFiles(x86)%\OpenSSL
-     OPENSSLDIR:  %CommonProgramFiles(86)%\SSL
+     OPENSSLDIR:  %CommonProgramFiles(x86)%\SSL
 For VC-WIN64, the following defaults are use:
@@ -132,7 +132,7 @@
 If you link with static OpenSSL libraries then you're expected to
 additionally link your application with WS2_32.LIB, GDI32.LIB,
 ADVAPI32.LIB, CRYPT32.LIB and USER32.LIB. Those developing
- non-interactive service applications might feel concerned about
+ noninteractive service applications might feel concerned about
 linking with GDI32.LIB and USER32.LIB, as they are justly associated
 with interactive desktop, which is not available to service
 processes. The toolkit is designed to detect in which context it's

--- a/README
+++ b/README
- OpenSSL 1.1.1f 31 Mar 2020
+ OpenSSL 1.1.1k 25 Mar 2021
- Copyright (c) 1998-2020 The OpenSSL Project
+ Copyright (c) 1998-2021 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
 All rights reserved.

--- a/README.ENGINE
+++ b/README.ENGINE
--- a/README.FIPS
+++ b/README.FIPS
--- a/README.OpenSource
+++ b/README.OpenSource
@@ -3,9 +3,9 @@
    "Name": "OpenSSL",
    "License": "OpenSSL License and Original SSLeay License",
    "License File": "LICENSE",
-    "Version Number": "1.1.1f",
+    "Version Number": "1.1.1k",
    "Owner": "huangjun42@huawei.com",
-    "Upstream URL": "https://github.com/openssl/openssl/releases/tag/OpenSSL_1_1_1f",
+    "Upstream URL": "https://www.openssl.org/source/openssl-1.1.1k.tar.gz",
    "Description": "implementing the Transport Layer Security (TLS) protocols (including SSLv3) as well as a full-strength general purpose cryptographic library"
  }
 ]
\ No newline at end of file
--- a/VMS/VMSify-conf.pl
+++ b/VMS/VMSify-conf.pl
--- a/VMS/engine.opt
+++ b/VMS/engine.opt
--- a/VMS/msg_install.com
+++ b/VMS/msg_install.com
+$       ! Used by the main descrip.mms to print the installation complete
+$       ! message.
+$       ! Arguments:
+$       ! P1    startup / setup / shutdown scripts directory
+$       ! P2    distinguishing version number ("major version")
+$
+$       systartup = p1
+$       osslver = p2
+$
+$       WRITE SYS$OUTPUT "Installation complete"
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT "The following commands need to be executed to enable you to use OpenSSL:"
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT "- to set up OpenSSL logical names:"
+$       WRITE SYS$OUTPUT "  @''systartup'openssl_startup''osslver'"
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT "- to define the OpenSSL command"
+$       WRITE SYS$OUTPUT "  @''systartup'openssl_utils''osslver'"
+$       WRITE SYS$OUTPUT ""
--- a/VMS/msg_staging.com
+++ b/VMS/msg_staging.com
+$       ! Used by the main descrip.mms to print the statging installation
+$       ! complete
+$       ! message.
+$       ! Arguments:
+$       ! P1    staging software installation directory
+$       ! P2    staging data installation directory
+$       ! P3    final software installation directory
+$       ! P4    final data installation directory
+$       ! P5    startup / setup / shutdown scripts directory
+$       ! P6    distinguishing version number ("major version")
+$
+$       staging_instdir = p1
+$       staging_datadir = p2
+$       final_instdir = p3
+$       final_datadir = p4
+$       systartup = p5
+$       osslver = p6
+$
+$       WRITE SYS$OUTPUT "Staging installation complete"
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT "Finish or package in such a way that the contents of the following directory"
+$       WRITE SYS$OUTPUT "trees end up being copied:"
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT "- from ", staging_instdir
+$       WRITE SYS$OUTPUT "  to   ", final_instdir
+$       WRITE SYS$OUTPUT "- from ", staging_datadir
+$       WRITE SYS$OUTPUT "  to   ", final_datadir
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT "When in its final destination, the following commands need to be executed"
+$       WRITE SYS$OUTPUT "to use OpenSSL:"
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT "- to set up OpenSSL logical names:"
+$       WRITE SYS$OUTPUT "  @''systartup'openssl_startup''osslver'"
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT "- to define the OpenSSL command"
+$       WRITE SYS$OUTPUT "  @''systartup'openssl_utils''osslver'"
+$       WRITE SYS$OUTPUT ""
--- a/VMS/openssl_ivp.com.in
+++ b/VMS/openssl_ivp.com.in
--- a/VMS/openssl_shutdown.com.in
+++ b/VMS/openssl_shutdown.com.in
--- a/VMS/openssl_startup.com.in
+++ b/VMS/openssl_startup.com.in
--- a/VMS/openssl_utils.com.in
+++ b/VMS/openssl_utils.com.in
--- a/VMS/test-includes.com
+++ b/VMS/test-includes.com
--- a/VMS/translatesyms.pl
+++ b/VMS/translatesyms.pl
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
--- a/apps/app_rand.c
+++ b/apps/app_rand.c
--- a/apps/apps.c
+++ b/apps/apps.c
--- a/apps/apps.h
+++ b/apps/apps.h
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
--- a/apps/bf_prefix.c
+++ b/apps/bf_prefix.c
--- a/apps/build.info
+++ b/apps/build.info
 {- our @apps_openssl_src =
       qw(openssl.c
-          asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c
+          asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c
-          dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c
+          enc.c errstr.c
-          genpkey.c genrsa.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c
+          genpkey.c nseq.c passwd.c pkcs7.c pkcs8.c
-          pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c
+          pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c
          s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c
-          srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c);
+          verify.c version.c x509.c rehash.c storeutl.c);
   our @apps_lib_src =
       ( qw(apps.c opt.c s_cb.c s_socket.c app_rand.c bf_prefix.c),
         split(/\s+/, $target{apps_aux_src}) );
   our @apps_init_src = split(/\s+/, $target{apps_init_src});
   "" -}
 IF[{- !$disabled{apps} -}]
  LIBS_NO_INST=libapps.a
  SOURCE[libapps.a]={- join(" ", @apps_lib_src) -}
@@ -21,11 +22,51 @@ IF[{- !$disabled{apps} -}]
  SOURCE[openssl]={- join(" ", @apps_openssl_src) -}
  INCLUDE[openssl]=.. ../include
  DEPEND[openssl]=libapps.a ../libssl
+  IF[{- !$disabled{'des'} -}]
-IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-)/ -}]
+    SOURCE[openssl]=pkcs12.c
-  GENERATE[openssl.rc]=../util/mkrc.pl openssl
+    DEPEND[pkcs12.o]=progs.h
-  SOURCE[openssl]=openssl.rc
+  ENDIF
-ENDIF
+  IF[{- !$disabled{'ec'} -}]
+    SOURCE[openssl]=ec.c ecparam.c
+    DEPEND[ec.o]=progs.h
+    DEPEND[ecparam.o]=progs.h
+  ENDIF
+  IF[{- !$disabled{'ocsp'} -}]
+    SOURCE[openssl]=ocsp.c
+    DEPEND[ocsp.o]=progs.h
+  ENDIF
+  IF[{- !$disabled{'srp'} -}]
+    SOURCE[openssl]=srp.c
+    DEPEND[srp.o]=progs.h
+  ENDIF
+  IF[{- !$disabled{'ts'} -}]
+    SOURCE[openssl]=ts.c
+    DEPEND[ts.o]=progs.h
+  ENDIF
+  IF[{- !$disabled{'dh'} -}]
+    SOURCE[openssl]=dhparam.c
+    DEPEND[dhparam.o]=progs.h
+  ENDIF
+  IF[{- !$disabled{'dsa'} -}]
+    SOURCE[openssl]=dsa.c dsaparam.c gendsa.c
+    DEPEND[dsa.o]=progs.h
+    DEPEND[dsaparam.o]=progs.h
+    DEPEND[gendsa.o]=progs.h
+  ENDIF
+  IF[{- !$disabled{'engine'} -}]
+    SOURCE[openssl]=engine.c
+    DEPEND[engine.o]=progs.h
+  ENDIF
+  IF[{- !$disabled{'rsa'} -}]
+    SOURCE[openssl]=rsa.c rsautl.c genrsa.c
+    DEPEND[rsa.o]=progs.h
+    DEPEND[rsautl.o]=progs.h
+    DEPEND[genrsa.o]=progs.h
+  ENDIF
+  IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-)/ -}]
+    GENERATE[openssl.rc]=../util/mkrc.pl openssl
+    SOURCE[openssl]=openssl.rc
+  ENDIF
  {- join("\n  ", map { (my $x = $_) =~ s|\.c$|.o|; "DEPEND[$x]=progs.h" }
                  @apps_openssl_src) -}

--- a/apps/ca-cert.srl
+++ b/apps/ca-cert.srl
--- a/apps/ca-key.pem
+++ b/apps/ca-key.pem
--- a/apps/ca-req.pem
+++ b/apps/ca-req.pem
--- a/apps/ca.c
+++ b/apps/ca.c
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@@ -1862,8 +1862,8 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
    row[DB_exp_date][tm->length] = '\0';
    row[DB_rev_date] = NULL;
    row[DB_file] = OPENSSL_strdup("unknown");
-    if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
+    if ((row[DB_type] == NULL) || (row[DB_file] == NULL)
-        (row[DB_file] == NULL) || (row[DB_name] == NULL)) {
+        || (row[DB_name] == NULL)) {
        BIO_printf(bio_err, "Memory allocation failure\n");
        goto end;
    }
@@ -2223,62 +2223,51 @@ static int get_certificate_status(const char *serial, CA_DB *db)
 static int do_updatedb(CA_DB *db)
 {
-    ASN1_UTCTIME *a_tm = NULL;
+    ASN1_TIME *a_tm = NULL;
    int i, cnt = 0;
-    int db_y2k, a_y2k;          /* flags = 1 if y >= 2000 */
+    char **rrow;
-    char **rrow, *a_tm_s;
-    a_tm = ASN1_UTCTIME_new();
+    a_tm = ASN1_TIME_new();
    if (a_tm == NULL)
        return -1;
-    /* get actual time and make a string */
+    /* get actual time */
    if (X509_gmtime_adj(a_tm, 0) == NULL) {
-        ASN1_UTCTIME_free(a_tm);
+        ASN1_TIME_free(a_tm);
        return -1;
    }
-    a_tm_s = app_malloc(a_tm->length + 1, "time string");
-    memcpy(a_tm_s, a_tm->data, a_tm->length);
-    a_tm_s[a_tm->length] = '\0';
-    if (strncmp(a_tm_s, "49", 2) <= 0)
-        a_y2k = 1;
-    else
-        a_y2k = 0;
    for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
        rrow = sk_OPENSSL_PSTRING_value(db->db->data, i);
        if (rrow[DB_type][0] == DB_TYPE_VAL) {
            /* ignore entries that are not valid */
-            if (strncmp(rrow[DB_exp_date], "49", 2) <= 0)
+            ASN1_TIME *exp_date = NULL;
-                db_y2k = 1;
-            else
-                db_y2k = 0;
-            if (db_y2k == a_y2k) {
+            exp_date = ASN1_TIME_new();
-                /* all on the same y2k side */
+            if (exp_date == NULL) {
-                if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0) {
+                ASN1_TIME_free(a_tm);
-                    rrow[DB_type][0] = DB_TYPE_EXP;
+                return -1;
-                    rrow[DB_type][1] = '\0';
+            }
-                    cnt++;
-                    BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]);
+            if (!ASN1_TIME_set_string(exp_date, rrow[DB_exp_date])) {
-                }
+                ASN1_TIME_free(a_tm);
-            } else if (db_y2k < a_y2k) {
+                ASN1_TIME_free(exp_date);
+                return -1;
+            }
+            if (ASN1_TIME_compare(exp_date, a_tm) <= 0) {
                rrow[DB_type][0] = DB_TYPE_EXP;
                rrow[DB_type][1] = '\0';
                cnt++;
                BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]);
            }
+            ASN1_TIME_free(exp_date);
        }
    }
-    ASN1_UTCTIME_free(a_tm);
+    ASN1_TIME_free(a_tm);
-    OPENSSL_free(a_tm_s);
    return cnt;
 }

--- a/apps/cert.pem
+++ b/apps/cert.pem
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
--- a/apps/client.pem
+++ b/apps/client.pem
--- a/apps/cms.c
+++ b/apps/cms.c
 /*
- * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@@ -545,9 +545,11 @@ int cms_main(int argc, char **argv)
            if (key_param == NULL || key_param->idx != keyidx) {
                cms_key_param *nparam;
                nparam = app_malloc(sizeof(*nparam), "key param buffer");
-                nparam->idx = keyidx;
+                if ((nparam->param = sk_OPENSSL_STRING_new_null()) == NULL) {
-                if ((nparam->param = sk_OPENSSL_STRING_new_null()) == NULL)
+                    OPENSSL_free(nparam);
                    goto end;
+                }
+                nparam->idx = keyidx;
                nparam->next = NULL;
                if (key_first == NULL)
                    key_first = nparam;

--- a/apps/crl.c
+++ b/apps/crl.c
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
--- a/apps/ct_log_list.cnf
+++ b/apps/ct_log_list.cnf
--- a/apps/demoSRP/srp_verifier.txt
+++ b/apps/demoSRP/srp_verifier.txt
--- a/apps/demoSRP/srp_verifier.txt.attr
+++ b/apps/demoSRP/srp_verifier.txt.attr
--- a/apps/dgst.c
+++ b/apps/dgst.c
--- a/apps/dh1024.pem
+++ b/apps/dh1024.pem
--- a/apps/dh2048.pem
+++ b/apps/dh2048.pem
--- a/apps/dh4096.pem
+++ b/apps/dh4096.pem
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@@ -8,28 +8,24 @@
 */
 #include <openssl/opensslconf.h>
-#ifdef OPENSSL_NO_DH
+#include <stdio.h>
-NON_EMPTY_TRANSLATION_UNIT
+#include <stdlib.h>
-#else
+#include <time.h>
+#include <string.h>
-# include <stdio.h>
+#include "apps.h"
-# include <stdlib.h>
+#include "progs.h"
-# include <time.h>
+#include <openssl/bio.h>
-# include <string.h>
+#include <openssl/err.h>
-# include "apps.h"
+#include <openssl/bn.h>
-# include "progs.h"
+#include <openssl/dh.h>
-# include <openssl/bio.h>
+#include <openssl/x509.h>
-# include <openssl/err.h>
+#include <openssl/pem.h>
-# include <openssl/bn.h>
-# include <openssl/dh.h>
+#ifndef OPENSSL_NO_DSA
-# include <openssl/x509.h>
+# include <openssl/dsa.h>
-# include <openssl/pem.h>
+#endif
-# ifndef OPENSSL_NO_DSA
+#define DEFBITS 2048
-#  include <openssl/dsa.h>
-# endif
-# define DEFBITS 2048
 static int dh_cb(int p, int n, BN_GENCB *cb);
@@ -56,13 +52,13 @@ const OPTIONS dhparam_options[] = {
    {"C", OPT_C, '-', "Print C code"},
    {"2", OPT_2, '-', "Generate parameters using 2 as the generator value"},
    {"5", OPT_5, '-', "Generate parameters using 5 as the generator value"},
-# ifndef OPENSSL_NO_DSA
+#ifndef OPENSSL_NO_DSA
    {"dsaparam", OPT_DSAPARAM, '-',
     "Read or generate DSA parameters, convert to DH"},
-# endif
+#endif
-# ifndef OPENSSL_NO_ENGINE
+#ifndef OPENSSL_NO_ENGINE
    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
-# endif
+#endif
    {NULL}
 };
@@ -146,13 +142,13 @@ int dhparam_main(int argc, char **argv)
    if (g && !num)
        num = DEFBITS;
-# ifndef OPENSSL_NO_DSA
+#ifndef OPENSSL_NO_DSA
    if (dsaparam && g) {
        BIO_printf(bio_err,
                   "generator may not be chosen for DSA parameters\n");
        goto end;
    }
-# endif
+#endif
    out = bio_open_default(outfile, 'w', outformat);
    if (out == NULL)
@@ -173,7 +169,7 @@ int dhparam_main(int argc, char **argv)
        BN_GENCB_set(cb, dh_cb, bio_err);
-# ifndef OPENSSL_NO_DSA
+#ifndef OPENSSL_NO_DSA
        if (dsaparam) {
            DSA *dsa = DSA_new();
@@ -196,7 +192,7 @@ int dhparam_main(int argc, char **argv)
                goto end;
            }
        } else
-# endif
+#endif
        {
            dh = DH_new();
            BIO_printf(bio_err,
@@ -217,7 +213,7 @@ int dhparam_main(int argc, char **argv)
        if (in == NULL)
            goto end;
-# ifndef OPENSSL_NO_DSA
+#ifndef OPENSSL_NO_DSA
        if (dsaparam) {
            DSA *dsa;
@@ -239,7 +235,7 @@ int dhparam_main(int argc, char **argv)
                goto end;
            }
        } else
-# endif
+#endif
        {
            if (informat == FORMAT_ASN1) {
                /*
@@ -376,4 +372,3 @@ static int dh_cb(int p, int n, BN_GENCB *cb)
    (void)BIO_flush(BN_GENCB_get_arg(cb));
    return 1;
 }
-#endif
--- a/apps/dsa-ca.pem
+++ b/apps/dsa-ca.pem
--- a/apps/dsa-pca.pem
+++ b/apps/dsa-pca.pem
--- a/apps/dsa.c
+++ b/apps/dsa.c
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@@ -8,23 +8,19 @@
 */
 #include <openssl/opensslconf.h>
-#ifdef OPENSSL_NO_DSA
+#include <stdio.h>
-NON_EMPTY_TRANSLATION_UNIT
+#include <stdlib.h>
-#else
+#include <string.h>
+#include <time.h>
-# include <stdio.h>
+#include "apps.h"
-# include <stdlib.h>
+#include "progs.h"
-# include <string.h>
+#include <openssl/bio.h>
-# include <time.h>
+#include <openssl/err.h>
-# include "apps.h"
+#include <openssl/dsa.h>
-# include "progs.h"
+#include <openssl/evp.h>
-# include <openssl/bio.h>
+#include <openssl/x509.h>
-# include <openssl/err.h>
+#include <openssl/pem.h>
-# include <openssl/dsa.h>
+#include <openssl/bn.h>
-# include <openssl/evp.h>
-# include <openssl/x509.h>
-# include <openssl/pem.h>
-# include <openssl/bn.h>
 typedef enum OPTION_choice {
    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@@ -49,14 +45,14 @@ const OPTIONS dsa_options[] = {
    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
    {"", OPT_CIPHER, '-', "Any supported cipher"},
-# ifndef OPENSSL_NO_RC4
+#ifndef OPENSSL_NO_RC4
    {"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"},
    {"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"},
    {"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"},
-# endif
+#endif
-# ifndef OPENSSL_NO_ENGINE
+#ifndef OPENSSL_NO_ENGINE
    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
-# endif
+#endif
    {NULL}
 };
@@ -71,9 +67,9 @@ int dsa_main(int argc, char **argv)
    OPTION_CHOICE o;
    int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
    int i, modulus = 0, pubin = 0, pubout = 0, ret = 1;
-# ifndef OPENSSL_NO_RC4
+#ifndef OPENSSL_NO_RC4
    int pvk_encr = 2;
-# endif
+#endif
    int private = 0;
    prog = opt_init(argc, argv, dsa_options);
@@ -214,7 +210,7 @@ int dsa_main(int argc, char **argv)
            i = PEM_write_bio_DSAPrivateKey(out, dsa, enc,
                                            NULL, 0, NULL, passout);
        }
-# ifndef OPENSSL_NO_RSA
+#ifndef OPENSSL_NO_RSA
    } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
        EVP_PKEY *pk;
        pk = EVP_PKEY_new();
@@ -229,13 +225,13 @@ int dsa_main(int argc, char **argv)
                goto end;
            }
            assert(private);
-#  ifdef OPENSSL_NO_RC4
+# ifdef OPENSSL_NO_RC4
            BIO_printf(bio_err, "PVK format not supported\n");
            EVP_PKEY_free(pk);
            goto end;
-#  else
+# else
            i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
-#  endif
+# endif
        } else if (pubin || pubout) {
            i = i2b_PublicKey_bio(out, pk);
        } else {
@@ -243,7 +239,7 @@ int dsa_main(int argc, char **argv)
            i = i2b_PrivateKey_bio(out, pk);
        }
        EVP_PKEY_free(pk);
-# endif
+#endif
    } else {
        BIO_printf(bio_err, "bad output format specified for outfile\n");
        goto end;
@@ -262,4 +258,3 @@ int dsa_main(int argc, char **argv)
    OPENSSL_free(passout);
    return ret;
 }
-#endif
--- a/apps/dsa1024.pem
+++ b/apps/dsa1024.pem
--- a/apps/dsa512.pem
+++ b/apps/dsa512.pem
--- a/apps/dsap.pem
+++ b/apps/dsap.pem
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@@ -8,22 +8,18 @@
 */
 #include <openssl/opensslconf.h>
-#ifdef OPENSSL_NO_DSA
+#include <stdio.h>
-NON_EMPTY_TRANSLATION_UNIT
+#include <stdlib.h>
-#else
+#include <time.h>
+#include <string.h>
-# include <stdio.h>
+#include "apps.h"
-# include <stdlib.h>
+#include "progs.h"
-# include <time.h>
+#include <openssl/bio.h>
-# include <string.h>
+#include <openssl/err.h>
-# include "apps.h"
+#include <openssl/bn.h>
-# include "progs.h"
+#include <openssl/dsa.h>
-# include <openssl/bio.h>
+#include <openssl/x509.h>
-# include <openssl/err.h>
+#include <openssl/pem.h>
-# include <openssl/bn.h>
-# include <openssl/dsa.h>
-# include <openssl/x509.h>
-# include <openssl/pem.h>
 static int dsa_cb(int p, int n, BN_GENCB *cb);
@@ -44,9 +40,9 @@ const OPTIONS dsaparam_options[] = {
    {"noout", OPT_NOOUT, '-', "No output"},
    {"genkey", OPT_GENKEY, '-', "Generate a DSA key"},
    OPT_R_OPTIONS,
-# ifndef OPENSSL_NO_ENGINE
+#ifndef OPENSSL_NO_ENGINE
    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
-# endif
+#endif
    {NULL}
 };
@@ -255,4 +251,3 @@ static int dsa_cb(int p, int n, BN_GENCB *cb)
    (void)BIO_flush(BN_GENCB_get_arg(cb));
    return 1;
 }
-#endif
--- a/apps/ec.c
+++ b/apps/ec.c
 /*
- * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@@ -8,19 +8,15 @@
 */
 #include <openssl/opensslconf.h>
-#ifdef OPENSSL_NO_EC
+#include <stdio.h>
-NON_EMPTY_TRANSLATION_UNIT
+#include <stdlib.h>
-#else
+#include <string.h>
+#include "apps.h"
-# include <stdio.h>
+#include "progs.h"
-# include <stdlib.h>
+#include <openssl/bio.h>
-# include <string.h>
+#include <openssl/err.h>
-# include "apps.h"
+#include <openssl/evp.h>
-# include "progs.h"
+#include <openssl/pem.h>
-# include <openssl/bio.h>
-# include <openssl/err.h>
-# include <openssl/evp.h>
-# include <openssl/pem.h>
 static OPT_PAIR conv_forms[] = {
    {"compressed", POINT_CONVERSION_COMPRESSED},
@@ -62,9 +58,9 @@ const OPTIONS ec_options[] = {
     "Specifies the way the ec parameters are encoded"},
    {"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "},
    {"", OPT_CIPHER, '-', "Any supported cipher"},
-# ifndef OPENSSL_NO_ENGINE
+#ifndef OPENSSL_NO_ENGINE
    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
-# endif
+#endif
    {NULL}
 };
@@ -280,4 +276,3 @@ int ec_main(int argc, char **argv)
    OPENSSL_free(passout);
    return ret;
 }
-#endif
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
 /*
- * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
@@ -9,22 +9,18 @@
 */
 #include <openssl/opensslconf.h>
-#ifdef OPENSSL_NO_EC
+#include <stdio.h>
-NON_EMPTY_TRANSLATION_UNIT
+#include <stdlib.h>
-#else
+#include <time.h>
+#include <string.h>
-# include <stdio.h>
+#include "apps.h"
-# include <stdlib.h>
+#include "progs.h"
-# include <time.h>
+#include <openssl/bio.h>
-# include <string.h>
+#include <openssl/err.h>
-# include "apps.h"
+#include <openssl/bn.h>
-# include "progs.h"
+#include <openssl/ec.h>
-# include <openssl/bio.h>
+#include <openssl/x509.h>
-# include <openssl/err.h>
+#include <openssl/pem.h>
-# include <openssl/bn.h>
-# include <openssl/ec.h>
-# include <openssl/x509.h>
-# include <openssl/pem.h>
 typedef enum OPTION_choice {
    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@@ -55,9 +51,9 @@ const OPTIONS ecparam_options[] = {
     "Specifies the way the ec parameters are encoded"},
    {"genkey", OPT_GENKEY, '-', "Generate ec key"},
    OPT_R_OPTIONS,
-# ifndef OPENSSL_NO_ENGINE
+#ifndef OPENSSL_NO_ENGINE
    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
-# endif
+#endif
    {NULL}
 };
@@ -446,5 +442,3 @@ int ecparam_main(int argc, char **argv)
    BIO_free_all(out);
    return ret;
 }
-#endif
--- a/apps/enc.c
+++ b/apps/enc.c
--- a/apps/engine.c
+++ b/apps/engine.c
 /*
- * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@@ -8,19 +8,15 @@
 */
 #include <openssl/opensslconf.h>
-#ifdef OPENSSL_NO_ENGINE
+#include "apps.h"
-NON_EMPTY_TRANSLATION_UNIT
+#include "progs.h"
-#else
+#include <stdio.h>
+#include <stdlib.h>
-# include "apps.h"
+#include <string.h>
-# include "progs.h"
+#include <openssl/err.h>
-# include <stdio.h>
+#include <openssl/engine.h>
-# include <stdlib.h>
+#include <openssl/ssl.h>
-# include <string.h>
+#include <openssl/store.h>
-# include <openssl/err.h>
-# include <openssl/engine.h>
-# include <openssl/ssl.h>
-# include <openssl/store.h>
 typedef enum OPTION_choice {
    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@@ -486,4 +482,3 @@ int engine_main(int argc, char **argv)
    BIO_free_all(out);
    return ret;
 }
-#endif
--- a/apps/errstr.c
+++ b/apps/errstr.c
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@@ -8,22 +8,18 @@
 */
 #include <openssl/opensslconf.h>
-#ifdef OPENSSL_NO_DSA
+#include <stdio.h>
-NON_EMPTY_TRANSLATION_UNIT
+#include <string.h>
-#else
+#include <sys/types.h>
+#include <sys/stat.h>
-# include <stdio.h>
+#include "apps.h"
-# include <string.h>
+#include "progs.h"
-# include <sys/types.h>
+#include <openssl/bio.h>
-# include <sys/stat.h>
+#include <openssl/err.h>
-# include "apps.h"
+#include <openssl/bn.h>
-# include "progs.h"
+#include <openssl/dsa.h>
-# include <openssl/bio.h>
+#include <openssl/x509.h>
-# include <openssl/err.h>
+#include <openssl/pem.h>
-# include <openssl/bn.h>
-# include <openssl/dsa.h>
-# include <openssl/x509.h>
-# include <openssl/pem.h>
 typedef enum OPTION_choice {
    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@@ -39,9 +35,9 @@ const OPTIONS gendsa_options[] = {
    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
    OPT_R_OPTIONS,
    {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
-# ifndef OPENSSL_NO_ENGINE
+#ifndef OPENSSL_NO_ENGINE
    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
-# endif
+#endif
    {NULL}
 };
@@ -143,4 +139,3 @@ int gendsa_main(int argc, char **argv)
    OPENSSL_free(passout);
    return ret;
 }
-#endif
--- a/apps/genpkey.c
+++ b/apps/genpkey.c
 /*
- * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@@ -177,9 +177,12 @@ int genpkey_main(int argc, char **argv)
        goto end;
    }
+    ret = 0;
    if (rv <= 0) {
        BIO_puts(bio_err, "Error writing key\n");
        ERR_print_errors(bio_err);
+        ret = 1;
    }
    if (text) {
@@ -191,11 +194,10 @@ int genpkey_main(int argc, char **argv)
        if (rv <= 0) {
            BIO_puts(bio_err, "Error printing key\n");
            ERR_print_errors(bio_err);
+            ret = 1;
        }
    }
-    ret = 0;
 end:
    EVP_PKEY_free(pkey);
    EVP_PKEY_CTX_free(ctx);

--- a/apps/genrsa.c
+++ b/apps/genrsa.c
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@@ -8,27 +8,23 @@
 */
 #include <openssl/opensslconf.h>
-#ifdef OPENSSL_NO_RSA
+#include <stdio.h>
-NON_EMPTY_TRANSLATION_UNIT
+#include <string.h>
-#else
+#include <sys/types.h>
+#include <sys/stat.h>
-# include <stdio.h>
+#include "apps.h"
-# include <string.h>
+#include "progs.h"
-# include <sys/types.h>
+#include <openssl/bio.h>
-# include <sys/stat.h>
+#include <openssl/err.h>
-# include "apps.h"
+#include <openssl/bn.h>
-# include "progs.h"
+#include <openssl/rsa.h>
-# include <openssl/bio.h>
+#include <openssl/evp.h>
-# include <openssl/err.h>
+#include <openssl/x509.h>
-# include <openssl/bn.h>
+#include <openssl/pem.h>
-# include <openssl/rsa.h>
+#include <openssl/rand.h>
-# include <openssl/evp.h>
-# include <openssl/x509.h>
+#define DEFBITS 2048
-# include <openssl/pem.h>
+#define DEFPRIMES 2
-# include <openssl/rand.h>
-# define DEFBITS 2048
-# define DEFPRIMES 2
 static int genrsa_cb(int p, int n, BN_GENCB *cb);
@@ -48,9 +44,9 @@ const OPTIONS genrsa_options[] = {
    OPT_R_OPTIONS,
    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
    {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
-# ifndef OPENSSL_NO_ENGINE
+#ifndef OPENSSL_NO_ENGINE
    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
-# endif
+#endif
    {"primes", OPT_PRIMES, 'p', "Specify number of primes"},
    {NULL}
 };
@@ -198,4 +194,3 @@ static int genrsa_cb(int p, int n, BN_GENCB *cb)
    (void)BIO_flush(BN_GENCB_get_arg(cb));
    return 1;
 }
-#endif
--- a/apps/nseq.c
+++ b/apps/nseq.c
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
 /*
- * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@@ -9,65 +9,62 @@
 #include <openssl/opensslconf.h>
-#ifdef OPENSSL_NO_OCSP
+#ifdef OPENSSL_SYS_VMS
-NON_EMPTY_TRANSLATION_UNIT
+# define _XOPEN_SOURCE_EXTENDED/* So fd_set and friends get properly defined
-#else
-# ifdef OPENSSL_SYS_VMS
-#  define _XOPEN_SOURCE_EXTENDED/* So fd_set and friends get properly defined
                                 * on OpenVMS */
-# endif
+#endif
-# include <stdio.h>
+#include <stdio.h>
-# include <stdlib.h>
+#include <stdlib.h>
-# include <string.h>
+#include <string.h>
-# include <time.h>
+#include <time.h>
-# include <ctype.h>
+#include <ctype.h>
 /* Needs to be included before the openssl headers */
-# include "apps.h"
+#include "apps.h"
-# include "progs.h"
+#include "progs.h"
-# include "internal/sockets.h"
+#include "internal/sockets.h"
-# include <openssl/e_os2.h>
+#include <openssl/e_os2.h>
-# include <openssl/crypto.h>
+#include <openssl/crypto.h>
-# include <openssl/err.h>
+#include <openssl/err.h>
-# include <openssl/ssl.h>
+#include <openssl/ssl.h>
-# include <openssl/evp.h>
+#include <openssl/evp.h>
-# include <openssl/bn.h>
+#include <openssl/bn.h>
-# include <openssl/x509v3.h>
+#include <openssl/x509v3.h>
-# include <openssl/rand.h>
+#include <openssl/rand.h>
 #ifndef HAVE_FORK
-# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS)
+#if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS)
-#  define HAVE_FORK 0
+# define HAVE_FORK 0
-# else
+#else
-#  define HAVE_FORK 1
+# define HAVE_FORK 1
-# endif
+#endif
 #endif
 #if HAVE_FORK
-# undef NO_FORK
+#undef NO_FORK
 #else
-# define NO_FORK
+#define NO_FORK
 #endif
-# if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \
+#if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \
     && !defined(OPENSSL_NO_POSIX_IO)
-#  define OCSP_DAEMON
+# define OCSP_DAEMON
-#  include <sys/types.h>
+# include <sys/types.h>
-#  include <sys/wait.h>
+# include <sys/wait.h>
-#  include <syslog.h>
+# include <syslog.h>
-#  include <signal.h>
+# include <signal.h>
-#  define MAXERRLEN 1000 /* limit error text sent to syslog to 1000 bytes */
+# define MAXERRLEN 1000 /* limit error text sent to syslog to 1000 bytes */
-# else
+#else
-#  undef LOG_INFO
+# undef LOG_INFO
-#  undef LOG_WARNING
+# undef LOG_WARNING
-#  undef LOG_ERR
+# undef LOG_ERR
-#  define LOG_INFO      0
+# define LOG_INFO      0
-#  define LOG_WARNING   1
+# define LOG_WARNING   1
-#  define LOG_ERR       2
+# define LOG_ERR       2
-# endif
+#endif
-# if defined(OPENSSL_SYS_VXWORKS)
+#if defined(OPENSSL_SYS_VXWORKS)
 /* not supported */
 int setpgid(pid_t pid, pid_t pgid)
 {
@@ -80,9 +77,9 @@ pid_t fork(void)
    errno = ENOSYS;
    return (pid_t) -1;
 }
-# endif
+#endif
 /* Maximum leeway in validity period: default 5 minutes */
-# define MAX_VALIDITY_PERIOD    (5 * 60)
+#define MAX_VALIDITY_PERIOD    (5 * 60)
 static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert,
                         const EVP_MD *cert_id_md, X509 *issuer,
@@ -109,20 +106,20 @@ static void log_message(int level, const char *fmt, ...);
 static char *prog;
 static int multi = 0;
-# ifdef OCSP_DAEMON
+#ifdef OCSP_DAEMON
 static int acfd = (int) INVALID_SOCKET;
 static int index_changed(CA_DB *);
 static void spawn_loop(void);
 static int print_syslog(const char *str, size_t len, void *levPtr);
 static void socket_timeout(int signum);
-# endif
+#endif
-# ifndef OPENSSL_NO_SOCK
+#ifndef OPENSSL_NO_SOCK
 static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host,
                                      const char *path,
                                      const STACK_OF(CONF_VALUE) *headers,
                                      OCSP_REQUEST *req, int req_timeout);
-# endif
+#endif
 typedef enum OPTION_choice {
    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@@ -160,9 +157,9 @@ const OPTIONS ocsp_options[] = {
     "Don't include any certificates in response"},
    {"resp_key_id", OPT_RESP_KEY_ID, '-',
     "Identify response by signing certificate key ID"},
-# ifdef OCSP_DAEMON
+#ifdef OCSP_DAEMON
    {"multi", OPT_MULTI, 'p', "run multiple responder processes"},
-# endif
+#endif
    {"no_certs", OPT_NO_CERTS, '-',
     "Don't include any certificates in signed request"},
    {"no_signature_verify", OPT_NO_SIGNATURE_VERIFY, '-',
@@ -511,9 +508,9 @@ int ocsp_main(int argc, char **argv)
            trailing_md = 1;
            break;
        case OPT_MULTI:
-# ifdef OCSP_DAEMON
+#ifdef OCSP_DAEMON
            multi = atoi(opt_arg());
-# endif
+#endif
            break;
        }
    }
@@ -593,7 +590,7 @@ int ocsp_main(int argc, char **argv)
        }
    }
-# ifdef OCSP_DAEMON
+#ifdef OCSP_DAEMON
    if (multi && acbio != NULL)
        spawn_loop();
    if (acbio != NULL && req_timeout > 0)
@@ -606,7 +603,7 @@ int ocsp_main(int argc, char **argv)
 redo_accept:
    if (acbio != NULL) {
-# ifdef OCSP_DAEMON
+#ifdef OCSP_DAEMON
        if (index_changed(rdb)) {
            CA_DB *newrdb = load_index(ridx_filename, NULL);
@@ -619,7 +616,7 @@ redo_accept:
                            ridx_filename);
            }
        }
-# endif
+#endif
        req = NULL;
        if (!do_responder(&req, &cbio, acbio, req_timeout))
@@ -688,16 +685,16 @@ redo_accept:
        if (cbio != NULL)
            send_ocsp_response(cbio, resp);
    } else if (host != NULL) {
-# ifndef OPENSSL_NO_SOCK
+#ifndef OPENSSL_NO_SOCK
        resp = process_responder(req, host, path,
                                 port, use_ssl, headers, req_timeout);
        if (resp == NULL)
            goto end;
-# else
+#else
        BIO_printf(bio_err,
                   "Error creating connect BIO - sockets not supported.\n");
        goto end;
-# endif
+#endif
    } else if (respin != NULL) {
        derbio = bio_open_default(respin, 'r', FORMAT_ASN1);
        if (derbio == NULL)
@@ -840,7 +837,7 @@ log_message(int level, const char *fmt, ...)
    va_list ap;
    va_start(ap, fmt);
-# ifdef OCSP_DAEMON
+#ifdef OCSP_DAEMON
    if (multi) {
        char buf[1024];
        if (vsnprintf(buf, sizeof(buf), fmt, ap) > 0) {
@@ -849,7 +846,7 @@ log_message(int level, const char *fmt, ...)
        if (level >= LOG_ERR)
            ERR_print_errors_cb(print_syslog, &level);
    }
-# endif
+#endif
    if (!multi) {
        BIO_printf(bio_err, "%s: ", prog);
        BIO_vprintf(bio_err, fmt, ap);
@@ -858,7 +855,7 @@ log_message(int level, const char *fmt, ...)
    va_end(ap);
 }
-# ifdef OCSP_DAEMON
+#ifdef OCSP_DAEMON
 static int print_syslog(const char *str, size_t len, void *levPtr)
 {
@@ -1011,7 +1008,7 @@ static void spawn_loop(void)
    syslog(LOG_INFO, "terminating on signal: %d", termsig);
    killall(0, kidpids);
 }
-# endif
+#endif
 static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert,
                         const EVP_MD *cert_id_md, X509 *issuer,
@@ -1291,11 +1288,11 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
 static BIO *init_responder(const char *port)
 {
-# ifdef OPENSSL_NO_SOCK
+#ifdef OPENSSL_NO_SOCK
    BIO_printf(bio_err,
               "Error setting up accept BIO - sockets not supported.\n");
    return NULL;
-# else
+#else
    BIO *acbio = NULL, *bufbio = NULL;
    bufbio = BIO_new(BIO_f_buffer());
@@ -1322,10 +1319,10 @@ static BIO *init_responder(const char *port)
    BIO_free_all(acbio);
    BIO_free(bufbio);
    return NULL;
-# endif
+#endif
 }
-# ifndef OPENSSL_NO_SOCK
+#ifndef OPENSSL_NO_SOCK
 /*
 * Decode %xx URL-decoding in-place. Ignores mal-formed sequences.
 */
@@ -1349,22 +1346,22 @@ static int urldecode(char *p)
    *out = '\0';
    return (int)(out - save);
 }
-# endif
+#endif
-# ifdef OCSP_DAEMON
+#ifdef OCSP_DAEMON
 static void socket_timeout(int signum)
 {
    if (acfd != (int)INVALID_SOCKET)
        (void)shutdown(acfd, SHUT_RD);
 }
-# endif
+#endif
 static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
                        int timeout)
 {
-# ifdef OPENSSL_NO_SOCK
+#ifdef OPENSSL_NO_SOCK
    return 0;
-# else
+#else
    int len;
    OCSP_REQUEST *req = NULL;
    char inbuf[2048], reqbuf[2048];
@@ -1382,12 +1379,12 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
    *pcbio = cbio;
    client = BIO_get_peer_name(cbio);
-#  ifdef OCSP_DAEMON
+# ifdef OCSP_DAEMON
    if (timeout > 0) {
        (void) BIO_get_fd(cbio, &acfd);
        alarm(timeout);
    }
-#  endif
+# endif
    /* Read the request line. */
    len = BIO_gets(cbio, reqbuf, sizeof(reqbuf));
@@ -1450,11 +1447,11 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
            break;
    }
-#  ifdef OCSP_DAEMON
+# ifdef OCSP_DAEMON
    /* Clear alarm before we close the client socket */
    alarm(0);
    timeout = 0;
-#  endif
+# endif
    /* Try to read OCSP request */
    if (getbio != NULL) {
@@ -1470,13 +1467,13 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
    *preq = req;
 out:
-#  ifdef OCSP_DAEMON
+# ifdef OCSP_DAEMON
    if (timeout > 0)
        alarm(0);
    acfd = (int)INVALID_SOCKET;
-#  endif
-    return 1;
 # endif
+    return 1;
+#endif
 }
 static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
@@ -1492,7 +1489,7 @@ static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
    return 1;
 }
-# ifndef OPENSSL_NO_SOCK
+#ifndef OPENSSL_NO_SOCK
 static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host,
                                      const char *path,
                                      const STACK_OF(CONF_VALUE) *headers,
@@ -1623,6 +1620,4 @@ OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
    SSL_CTX_free(ctx);
    return resp;
 }
-# endif
 #endif
--- a/apps/openssl-vms.cnf
+++ b/apps/openssl-vms.cnf
--- a/apps/openssl.c
+++ b/apps/openssl.c
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
--- a/apps/opt.c
+++ b/apps/opt.c
--- a/apps/passwd.c
+++ b/apps/passwd.c
--- a/apps/pca-cert.srl
+++ b/apps/pca-cert.srl
--- a/apps/pca-key.pem
+++ b/apps/pca-key.pem
--- a/apps/pca-req.pem
+++ b/apps/pca-req.pem
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
 /*
- * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@@ -8,25 +8,21 @@
 */
 #include <openssl/opensslconf.h>
-#if defined(OPENSSL_NO_DES)
+#include <stdio.h>
-NON_EMPTY_TRANSLATION_UNIT
+#include <stdlib.h>
-#else
+#include <string.h>
+#include "apps.h"
-# include <stdio.h>
+#include "progs.h"
-# include <stdlib.h>
+#include <openssl/crypto.h>
-# include <string.h>
+#include <openssl/err.h>
-# include "apps.h"
+#include <openssl/pem.h>
-# include "progs.h"
+#include <openssl/pkcs12.h>
-# include <openssl/crypto.h>
-# include <openssl/err.h>
+#define NOKEYS          0x1
-# include <openssl/pem.h>
+#define NOCERTS         0x2
-# include <openssl/pkcs12.h>
+#define INFO            0x4
+#define CLCERTS         0x8
-# define NOKEYS          0x1
+#define CACERTS         0x10
-# define NOCERTS         0x2
-# define INFO            0x4
-# define CLCERTS         0x8
-# define CACERTS         0x10
 #define PASSWD_BUF_SIZE 2048
@@ -74,15 +70,15 @@ const OPTIONS pkcs12_options[] = {
    {"chain", OPT_CHAIN, '-', "Add certificate chain"},
    {"twopass", OPT_TWOPASS, '-', "Separate MAC, encryption passwords"},
    {"nomacver", OPT_NOMACVER, '-', "Don't verify MAC"},
-# ifndef OPENSSL_NO_RC2
+#ifndef OPENSSL_NO_RC2
    {"descert", OPT_DESCERT, '-',
     "Encrypt output with 3DES (default RC2-40)"},
    {"certpbe", OPT_CERTPBE, 's',
     "Certificate PBE algorithm (default RC2-40)"},
-# else
+#else
    {"descert", OPT_DESCERT, '-', "Encrypt output with 3DES (the default)"},
    {"certpbe", OPT_CERTPBE, 's', "Certificate PBE algorithm (default 3DES)"},
-# endif
+#endif
    {"export", OPT_EXPORT, '-', "Output PKCS12 file"},
    {"noiter", OPT_NOITER, '-', "Don't use encryption iteration"},
    {"maciter", OPT_MACITER, '-', "Use MAC iteration"},
@@ -113,9 +109,9 @@ const OPTIONS pkcs12_options[] = {
    {"no-CApath", OPT_NOCAPATH, '-',
     "Do not load certificates from the default certificates directory"},
    {"", OPT_CIPHER, '-', "Any supported cipher"},
-# ifndef OPENSSL_NO_ENGINE
+#ifndef OPENSSL_NO_ENGINE
    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
-# endif
+#endif
    {NULL}
 };
@@ -126,11 +122,11 @@ int pkcs12_main(int argc, char **argv)
    char pass[PASSWD_BUF_SIZE] = "", macpass[PASSWD_BUF_SIZE] = "";
    int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0;
    int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER;
-# ifndef OPENSSL_NO_RC2
+#ifndef OPENSSL_NO_RC2
    int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
-# else
+#else
    int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-# endif
+#endif
    int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
    int ret = 1, macver = 1, add_lmk = 0, private = 0;
    int noprompt = 0;
@@ -976,5 +972,3 @@ static int set_pbe(int *ppbe, const char *str)
    }
    return 1;
 }
-#endif
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
--- a/apps/pkey.c
+++ b/apps/pkey.c
--- a/apps/pkeyparam.c
+++ b/apps/pkeyparam.c
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
--- a/apps/prime.c
+++ b/apps/prime.c
--- a/apps/privkey.pem
+++ b/apps/privkey.pem
--- a/apps/progs.pl
+++ b/apps/progs.pl
--- a/apps/rand.c
+++ b/apps/rand.c
--- a/apps/rehash.c
+++ b/apps/rehash.c
--- a/apps/req.c
+++ b/apps/req.c
--- a/apps/req.pem
+++ b/apps/req.pem
--- a/apps/rsa.c
+++ b/apps/rsa.c
--- a/apps/rsa8192.pem
+++ b/apps/rsa8192.pem
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
--- a/apps/s1024key.pem
+++ b/apps/s1024key.pem
--- a/apps/s1024req.pem
+++ b/apps/s1024req.pem
--- a/apps/s512-key.pem
+++ b/apps/s512-key.pem
--- a/apps/s512-req.pem
+++ b/apps/s512-req.pem
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
--- a/apps/s_client.c
+++ b/apps/s_client.c
--- a/apps/s_server.c
+++ b/apps/s_server.c
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
--- a/apps/s_time.c
+++ b/apps/s_time.c
--- a/apps/server.pem
+++ b/apps/server.pem
--- a/apps/server.srl
+++ b/apps/server.srl
--- a/apps/server2.pem
+++ b/apps/server2.pem
--- a/apps/sess_id.c
+++ b/apps/sess_id.c
--- a/apps/smime.c
+++ b/apps/smime.c
--- a/apps/speed.c
+++ b/apps/speed.c
--- a/apps/spkac.c
+++ b/apps/spkac.c
--- a/apps/srp.c
+++ b/apps/srp.c
--- a/apps/storeutl.c
+++ b/apps/storeutl.c
--- a/apps/testCA.pem
+++ b/apps/testCA.pem
--- a/apps/testdsa.h
+++ b/apps/testdsa.h
--- a/apps/testrsa.h
+++ b/apps/testrsa.h
--- a/apps/timeouts.h
+++ b/apps/timeouts.h
--- a/apps/ts.c
+++ b/apps/ts.c
--- a/apps/tsget.in
+++ b/apps/tsget.in
--- a/apps/verify.c
+++ b/apps/verify.c
--- a/apps/version.c
+++ b/apps/version.c
--- a/apps/vms_decc_init.c
+++ b/apps/vms_decc_init.c
--- a/apps/vms_term_sock.c
+++ b/apps/vms_term_sock.c
--- a/apps/vms_term_sock.h
+++ b/apps/vms_term_sock.h
--- a/apps/win32_init.c
+++ b/apps/win32_init.c
--- a/apps/x509.c
+++ b/apps/x509.c
--- a/appveyor.yml
+++ b/appveyor.yml
--- a/build.info
+++ b/build.info
--- a/config
+++ b/config
--- a/config.com
+++ b/config.com
--- a/crypto/LPdir_nyi.c
+++ b/crypto/LPdir_nyi.c
--- a/crypto/LPdir_unix.c
+++ b/crypto/LPdir_unix.c
--- a/crypto/LPdir_vms.c
+++ b/crypto/LPdir_vms.c
--- a/crypto/LPdir_win.c
+++ b/crypto/LPdir_win.c
--- a/crypto/LPdir_win32.c
+++ b/crypto/LPdir_win32.c
--- a/crypto/LPdir_wince.c
+++ b/crypto/LPdir_wince.c
--- a/crypto/aes/aes_cbc.c
+++ b/crypto/aes/aes_cbc.c
--- a/crypto/aes/aes_cfb.c
+++ b/crypto/aes/aes_cfb.c
--- a/crypto/aes/aes_core.c
+++ b/crypto/aes/aes_core.c
--- a/crypto/aes/aes_ecb.c
+++ b/crypto/aes/aes_ecb.c
--- a/crypto/aes/aes_ige.c
+++ b/crypto/aes/aes_ige.c
--- a/crypto/aes/aes_local.h
+++ b/crypto/aes/aes_local.h
--- a/crypto/aes/aes_misc.c
+++ b/crypto/aes/aes_misc.c
--- a/crypto/aes/aes_ofb.c
+++ b/crypto/aes/aes_ofb.c
--- a/crypto/aes/aes_wrap.c
+++ b/crypto/aes/aes_wrap.c
--- a/crypto/aes/aes_x86core.c
+++ b/crypto/aes/aes_x86core.c
--- a/crypto/aes/asm/aes-armv4.pl
+++ b/crypto/aes/asm/aes-armv4.pl
--- a/crypto/aes/asm/aes-c64xplus.pl
+++ b/crypto/aes/asm/aes-c64xplus.pl
--- a/crypto/aes/asm/aes-ia64.S
+++ b/crypto/aes/asm/aes-ia64.S
--- a/crypto/aes/asm/aes-mips.pl
+++ b/crypto/aes/asm/aes-mips.pl
--- a/crypto/aes/asm/aes-parisc.pl
+++ b/crypto/aes/asm/aes-parisc.pl
--- a/crypto/aes/asm/aes-ppc.pl
+++ b/crypto/aes/asm/aes-ppc.pl
--- a/crypto/aes/asm/aes-s390x.pl
+++ b/crypto/aes/asm/aes-s390x.pl
--- a/crypto/aes/asm/aesfx-sparcv9.pl
+++ b/crypto/aes/asm/aesfx-sparcv9.pl
--- a/crypto/aes/asm/aesni-mb-x86_64.pl
+++ b/crypto/aes/asm/aesni-mb-x86_64.pl
--- a/crypto/aes/asm/aesni-sha1-x86_64.pl
+++ b/crypto/aes/asm/aesni-sha1-x86_64.pl
--- a/crypto/aes/asm/aesni-sha256-x86_64.pl
+++ b/crypto/aes/asm/aesni-sha256-x86_64.pl
--- a/crypto/aes/asm/aesni-x86.pl
+++ b/crypto/aes/asm/aesni-x86.pl
--- a/crypto/aes/asm/aesni-x86_64.pl
+++ b/crypto/aes/asm/aesni-x86_64.pl
--- a/crypto/aes/asm/aest4-sparcv9.pl
+++ b/crypto/aes/asm/aest4-sparcv9.pl
--- a/crypto/aes/asm/aesv8-armx.pl
+++ b/crypto/aes/asm/aesv8-armx.pl
--- a/crypto/aes/asm/arm32/aes-armv4.S
+++ b/crypto/aes/asm/arm32/aes-armv4.S
--- a/crypto/aes/asm/arm32/aesv8-armx.S
+++ b/crypto/aes/asm/arm32/aesv8-armx.S
--- a/crypto/aes/asm/arm32/bsaes-armv7.S
+++ b/crypto/aes/asm/arm32/bsaes-armv7.S
--- a/crypto/aes/asm/arm64/aesv8-armx.S
+++ b/crypto/aes/asm/arm64/aesv8-armx.S
--- a/crypto/aes/asm/arm64/vpaes-armv8.S
+++ b/crypto/aes/asm/arm64/vpaes-armv8.S
--- a/crypto/aes/asm/bsaes-armv7.pl
+++ b/crypto/aes/asm/bsaes-armv7.pl
--- a/crypto/aes/asm/vpaes-ppc.pl
+++ b/crypto/aes/asm/vpaes-ppc.pl
--- a/crypto/aes/asm/vpaes-x86.pl
+++ b/crypto/aes/asm/vpaes-x86.pl
--- a/crypto/aes/asm/vpaes-x86_64.pl
+++ b/crypto/aes/asm/vpaes-x86_64.pl
--- a/crypto/aes/build.info
+++ b/crypto/aes/build.info
--- a/crypto/alphacpuid.pl
+++ b/crypto/alphacpuid.pl
--- a/crypto/aria/aria.c
+++ b/crypto/aria/aria.c
--- a/crypto/aria/build.info
+++ b/crypto/aria/build.info
--- a/crypto/arm64cpuid.S
+++ b/crypto/arm64cpuid.S
--- a/crypto/arm_arch.h
+++ b/crypto/arm_arch.h
--- a/crypto/armcap.c
+++ b/crypto/armcap.c
--- a/crypto/armv4cpuid.S
+++ b/crypto/armv4cpuid.S
--- a/crypto/armv4cpuid.pl
+++ b/crypto/armv4cpuid.pl
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
--- a/crypto/asn1/a_d2i_fp.c
+++ b/crypto/asn1/a_d2i_fp.c
--- a/crypto/asn1/a_digest.c
+++ b/crypto/asn1/a_digest.c
--- a/crypto/asn1/a_dup.c
+++ b/crypto/asn1/a_dup.c
--- a/crypto/asn1/a_gentm.c
+++ b/crypto/asn1/a_gentm.c
--- a/crypto/asn1/a_i2d_fp.c
+++ b/crypto/asn1/a_i2d_fp.c
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
--- a/crypto/asn1/a_mbstr.c
+++ b/crypto/asn1/a_mbstr.c
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
--- a/crypto/asn1/a_octet.c
+++ b/crypto/asn1/a_octet.c
--- a/crypto/asn1/a_print.c
+++ b/crypto/asn1/a_print.c
--- a/crypto/asn1/a_sign.c
+++ b/crypto/asn1/a_sign.c
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
--- a/crypto/asn1/a_strnid.c
+++ b/crypto/asn1/a_strnid.c
--- a/crypto/asn1/a_time.c
+++ b/crypto/asn1/a_time.c
--- a/crypto/asn1/a_type.c
+++ b/crypto/asn1/a_type.c
--- a/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
--- a/crypto/asn1/a_utf8.c
+++ b/crypto/asn1/a_utf8.c
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
--- a/crypto/asn1/ameth_lib.c
+++ b/crypto/asn1/ameth_lib.c
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
--- a/crypto/asn1/asn1_gen.c
+++ b/crypto/asn1/asn1_gen.c
--- a/crypto/asn1/asn1_item_list.c
+++ b/crypto/asn1/asn1_item_list.c
--- a/crypto/asn1/asn1_item_list.h
+++ b/crypto/asn1/asn1_item_list.h
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
--- a/crypto/asn1/asn1_local.h
+++ b/crypto/asn1/asn1_local.h
--- a/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
--- a/crypto/asn1/asn_mime.c
+++ b/crypto/asn1/asn_mime.c
--- a/crypto/asn1/asn_moid.c
+++ b/crypto/asn1/asn_moid.c
--- a/crypto/asn1/asn_mstbl.c
+++ b/crypto/asn1/asn_mstbl.c
--- a/crypto/asn1/asn_pack.c
+++ b/crypto/asn1/asn_pack.c
--- a/crypto/asn1/bio_asn1.c
+++ b/crypto/asn1/bio_asn1.c
--- a/crypto/asn1/bio_ndef.c
+++ b/crypto/asn1/bio_ndef.c
--- a/crypto/asn1/build.info
+++ b/crypto/asn1/build.info
--- a/crypto/asn1/charmap.h
+++ b/crypto/asn1/charmap.h
--- a/crypto/asn1/charmap.pl
+++ b/crypto/asn1/charmap.pl
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
--- a/crypto/asn1/d2i_pu.c
+++ b/crypto/asn1/d2i_pu.c
--- a/crypto/asn1/evp_asn1.c
+++ b/crypto/asn1/evp_asn1.c
--- a/crypto/asn1/f_int.c
+++ b/crypto/asn1/f_int.c
--- a/crypto/asn1/f_string.c
+++ b/crypto/asn1/f_string.c
--- a/crypto/asn1/i2d_pr.c
+++ b/crypto/asn1/i2d_pr.c
--- a/crypto/asn1/i2d_pu.c
+++ b/crypto/asn1/i2d_pu.c
--- a/crypto/asn1/n_pkey.c
+++ b/crypto/asn1/n_pkey.c
--- a/crypto/asn1/nsseq.c
+++ b/crypto/asn1/nsseq.c
--- a/crypto/asn1/p5_pbe.c
+++ b/crypto/asn1/p5_pbe.c
--- a/crypto/asn1/p5_pbev2.c
+++ b/crypto/asn1/p5_pbev2.c
--- a/crypto/asn1/p5_scrypt.c
+++ b/crypto/asn1/p5_scrypt.c
--- a/crypto/asn1/p8_pkey.c
+++ b/crypto/asn1/p8_pkey.c
--- a/crypto/asn1/standard_methods.h
+++ b/crypto/asn1/standard_methods.h
--- a/crypto/asn1/t_bitst.c
+++ b/crypto/asn1/t_bitst.c
--- a/crypto/asn1/t_pkey.c
+++ b/crypto/asn1/t_pkey.c
--- a/crypto/asn1/t_spki.c
+++ b/crypto/asn1/t_spki.c
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
--- a/crypto/asn1/tasn_fre.c
+++ b/crypto/asn1/tasn_fre.c
--- a/crypto/asn1/tasn_new.c
+++ b/crypto/asn1/tasn_new.c
--- a/crypto/asn1/tasn_prn.c
+++ b/crypto/asn1/tasn_prn.c
--- a/crypto/asn1/tasn_scn.c
+++ b/crypto/asn1/tasn_scn.c
--- a/crypto/asn1/tasn_typ.c
+++ b/crypto/asn1/tasn_typ.c
--- a/crypto/asn1/tasn_utl.c
+++ b/crypto/asn1/tasn_utl.c
--- a/crypto/asn1/tbl_standard.h
+++ b/crypto/asn1/tbl_standard.h
--- a/crypto/asn1/x_algor.c
+++ b/crypto/asn1/x_algor.c
--- a/crypto/asn1/x_bignum.c
+++ b/crypto/asn1/x_bignum.c
--- a/crypto/asn1/x_info.c
+++ b/crypto/asn1/x_info.c
--- a/crypto/asn1/x_int64.c
+++ b/crypto/asn1/x_int64.c
--- a/crypto/asn1/x_long.c
+++ b/crypto/asn1/x_long.c
--- a/crypto/asn1/x_pkey.c
+++ b/crypto/asn1/x_pkey.c
--- a/crypto/asn1/x_sig.c
+++ b/crypto/asn1/x_sig.c
--- a/crypto/asn1/x_spki.c
+++ b/crypto/asn1/x_spki.c
--- a/crypto/asn1/x_val.c
+++ b/crypto/asn1/x_val.c
--- a/crypto/async/arch/async_null.c
+++ b/crypto/async/arch/async_null.c
--- a/crypto/async/arch/async_null.h
+++ b/crypto/async/arch/async_null.h
--- a/crypto/async/arch/async_posix.c
+++ b/crypto/async/arch/async_posix.c
--- a/crypto/async/arch/async_posix.h
+++ b/crypto/async/arch/async_posix.h
--- a/crypto/async/arch/async_win.c
+++ b/crypto/async/arch/async_win.c
--- a/crypto/async/arch/async_win.h
+++ b/crypto/async/arch/async_win.h
--- a/crypto/async/async.c
+++ b/crypto/async/async.c
--- a/crypto/async/async_err.c
+++ b/crypto/async/async_err.c
--- a/crypto/async/async_local.h
+++ b/crypto/async/async_local.h
--- a/crypto/async/async_wait.c
+++ b/crypto/async/async_wait.c
--- a/crypto/async/build.info
+++ b/crypto/async/build.info
--- a/crypto/bf/asm/bf-586.pl
+++ b/crypto/bf/asm/bf-586.pl
--- a/crypto/bf/bf_cfb64.c
+++ b/crypto/bf/bf_cfb64.c
--- a/crypto/bf/bf_ecb.c
+++ b/crypto/bf/bf_ecb.c
--- a/crypto/bf/bf_enc.c
+++ b/crypto/bf/bf_enc.c
--- a/crypto/bf/bf_local.h
+++ b/crypto/bf/bf_local.h
--- a/crypto/bf/bf_ofb64.c
+++ b/crypto/bf/bf_ofb64.c
--- a/crypto/bf/bf_pi.h
+++ b/crypto/bf/bf_pi.h
--- a/crypto/bf/bf_skey.c
+++ b/crypto/bf/bf_skey.c
--- a/crypto/bf/build.info
+++ b/crypto/bf/build.info
--- a/crypto/bio/b_addr.c
+++ b/crypto/bio/b_addr.c
--- a/crypto/bio/b_dump.c
+++ b/crypto/bio/b_dump.c
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
--- a/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
--- a/crypto/bio/b_sock2.c
+++ b/crypto/bio/b_sock2.c
--- a/crypto/bio/bf_buff.c
+++ b/crypto/bio/bf_buff.c
--- a/crypto/bio/bf_lbuf.c
+++ b/crypto/bio/bf_lbuf.c
--- a/crypto/bio/bf_nbio.c
+++ b/crypto/bio/bf_nbio.c
--- a/crypto/bio/bf_null.c
+++ b/crypto/bio/bf_null.c
--- a/crypto/bio/bio_cb.c
+++ b/crypto/bio/bio_cb.c
--- a/crypto/bio/bio_err.c
+++ b/crypto/bio/bio_err.c
--- a/crypto/bio/bio_lib.c
+++ b/crypto/bio/bio_lib.c
--- a/crypto/bio/bio_local.h
+++ b/crypto/bio/bio_local.h
--- a/crypto/bio/bio_meth.c
+++ b/crypto/bio/bio_meth.c
--- a/crypto/bio/bss_acpt.c
+++ b/crypto/bio/bss_acpt.c
--- a/crypto/bio/bss_bio.c
+++ b/crypto/bio/bss_bio.c
--- a/crypto/bio/bss_conn.c
+++ b/crypto/bio/bss_conn.c
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
--- a/crypto/bio/bss_fd.c
+++ b/crypto/bio/bss_fd.c
--- a/crypto/bio/bss_file.c
+++ b/crypto/bio/bss_file.c
--- a/crypto/bio/bss_log.c
+++ b/crypto/bio/bss_log.c
--- a/crypto/bio/bss_mem.c
+++ b/crypto/bio/bss_mem.c
--- a/crypto/bio/bss_null.c
+++ b/crypto/bio/bss_null.c
--- a/crypto/bio/bss_sock.c
+++ b/crypto/bio/bss_sock.c
--- a/crypto/bio/build.info
+++ b/crypto/bio/build.info
--- a/crypto/blake2/blake2_impl.h
+++ b/crypto/blake2/blake2_impl.h
--- a/crypto/blake2/blake2_local.h
+++ b/crypto/blake2/blake2_local.h
--- a/crypto/blake2/blake2b.c
+++ b/crypto/blake2/blake2b.c
--- a/crypto/blake2/blake2s.c
+++ b/crypto/blake2/blake2s.c
--- a/crypto/blake2/build.info
+++ b/crypto/blake2/build.info
--- a/crypto/blake2/m_blake2b.c
+++ b/crypto/blake2/m_blake2b.c
--- a/crypto/blake2/m_blake2s.c
+++ b/crypto/blake2/m_blake2s.c
--- a/crypto/bn/README.pod
+++ b/crypto/bn/README.pod
--- a/crypto/bn/armv4-gf2m.S
+++ b/crypto/bn/armv4-gf2m.S
--- a/crypto/bn/armv4-mont.S
+++ b/crypto/bn/armv4-mont.S
--- a/crypto/bn/armv8-mont.S
+++ b/crypto/bn/armv8-mont.S
--- a/crypto/bn/asm/alpha-mont.pl
+++ b/crypto/bn/asm/alpha-mont.pl
--- a/crypto/bn/asm/armv4-gf2m.pl
+++ b/crypto/bn/asm/armv4-gf2m.pl
--- a/crypto/bn/asm/armv4-mont.pl
+++ b/crypto/bn/asm/armv4-mont.pl
--- a/crypto/bn/asm/bn-586.pl
+++ b/crypto/bn/asm/bn-586.pl
--- a/crypto/bn/asm/bn-c64xplus.asm
+++ b/crypto/bn/asm/bn-c64xplus.asm
--- a/crypto/bn/asm/c64xplus-gf2m.pl
+++ b/crypto/bn/asm/c64xplus-gf2m.pl
--- a/crypto/bn/asm/co-586.pl
+++ b/crypto/bn/asm/co-586.pl
--- a/crypto/bn/asm/ia64-mont.pl
+++ b/crypto/bn/asm/ia64-mont.pl
--- a/crypto/bn/asm/ia64.S
+++ b/crypto/bn/asm/ia64.S
--- a/crypto/bn/asm/mips-mont.pl
+++ b/crypto/bn/asm/mips-mont.pl
--- a/crypto/bn/asm/mips.pl
+++ b/crypto/bn/asm/mips.pl
--- a/crypto/bn/asm/parisc-mont.pl
+++ b/crypto/bn/asm/parisc-mont.pl
--- a/crypto/bn/asm/ppc-mont.pl
+++ b/crypto/bn/asm/ppc-mont.pl
--- a/crypto/bn/asm/ppc.pl
+++ b/crypto/bn/asm/ppc.pl
--- a/crypto/bn/asm/ppc64-mont.pl
+++ b/crypto/bn/asm/ppc64-mont.pl
--- a/crypto/bn/asm/rsaz-avx2.pl
+++ b/crypto/bn/asm/rsaz-avx2.pl
--- a/crypto/bn/asm/rsaz-x86_64.pl
+++ b/crypto/bn/asm/rsaz-x86_64.pl
--- a/crypto/bn/asm/s390x-gf2m.pl
+++ b/crypto/bn/asm/s390x-gf2m.pl
--- a/crypto/bn/asm/s390x-mont.pl
+++ b/crypto/bn/asm/s390x-mont.pl
--- a/crypto/bn/asm/s390x.S
+++ b/crypto/bn/asm/s390x.S
--- a/crypto/bn/asm/sparcv8.S
+++ b/crypto/bn/asm/sparcv8.S
--- a/crypto/bn/asm/sparcv8plus.S
+++ b/crypto/bn/asm/sparcv8plus.S
--- a/crypto/bn/asm/sparcv9-gf2m.pl
+++ b/crypto/bn/asm/sparcv9-gf2m.pl
--- a/crypto/bn/asm/sparcv9-mont.pl
+++ b/crypto/bn/asm/sparcv9-mont.pl
--- a/crypto/bn/asm/via-mont.pl
+++ b/crypto/bn/asm/via-mont.pl
--- a/crypto/bn/asm/vis3-mont.pl
+++ b/crypto/bn/asm/vis3-mont.pl
--- a/crypto/bn/asm/x86-gf2m.pl
+++ b/crypto/bn/asm/x86-gf2m.pl
--- a/crypto/bn/asm/x86_64-gcc.c
+++ b/crypto/bn/asm/x86_64-gcc.c
--- a/crypto/bn/asm/x86_64-gf2m.pl
+++ b/crypto/bn/asm/x86_64-gf2m.pl
--- a/crypto/bn/asm/x86_64-mont.pl
+++ b/crypto/bn/asm/x86_64-mont.pl
--- a/crypto/bn/asm/x86_64-mont5.pl
+++ b/crypto/bn/asm/x86_64-mont5.pl
--- a/crypto/bn/bn_add.c
+++ b/crypto/bn/bn_add.c
--- a/crypto/bn/bn_asm.c
+++ b/crypto/bn/bn_asm.c
--- a/crypto/bn/bn_blind.c
+++ b/crypto/bn/bn_blind.c
--- a/crypto/bn/bn_const.c
+++ b/crypto/bn/bn_const.c
--- a/crypto/bn/bn_ctx.c
+++ b/crypto/bn/bn_ctx.c
--- a/crypto/bn/bn_depr.c
+++ b/crypto/bn/bn_depr.c
--- a/crypto/bn/bn_dh.c
+++ b/crypto/bn/bn_dh.c
--- a/crypto/bn/bn_div.c
+++ b/crypto/bn/bn_div.c
--- a/crypto/bn/bn_err.c
+++ b/crypto/bn/bn_err.c
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
--- a/crypto/bn/bn_exp2.c
+++ b/crypto/bn/bn_exp2.c
--- a/crypto/bn/bn_gcd.c
+++ b/crypto/bn/bn_gcd.c
--- a/crypto/bn/bn_gf2m.c
+++ b/crypto/bn/bn_gf2m.c
--- a/crypto/bn/bn_intern.c
+++ b/crypto/bn/bn_intern.c
--- a/crypto/bn/bn_kron.c
+++ b/crypto/bn/bn_kron.c
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
--- a/crypto/bn/bn_local.h
+++ b/crypto/bn/bn_local.h
--- a/crypto/bn/bn_mod.c
+++ b/crypto/bn/bn_mod.c
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
--- a/crypto/bn/bn_mpi.c
+++ b/crypto/bn/bn_mpi.c
--- a/crypto/bn/bn_mul.c
+++ b/crypto/bn/bn_mul.c
--- a/crypto/bn/bn_nist.c
+++ b/crypto/bn/bn_nist.c
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
--- a/crypto/bn/bn_prime.h
+++ b/crypto/bn/bn_prime.h
--- a/crypto/bn/bn_prime.pl
+++ b/crypto/bn/bn_prime.pl
--- a/crypto/bn/bn_print.c
+++ b/crypto/bn/bn_print.c
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
--- a/crypto/bn/bn_recp.c
+++ b/crypto/bn/bn_recp.c
--- a/crypto/bn/bn_shift.c
+++ b/crypto/bn/bn_shift.c
--- a/crypto/bn/bn_sqr.c
+++ b/crypto/bn/bn_sqr.c
--- a/crypto/bn/bn_sqrt.c
+++ b/crypto/bn/bn_sqrt.c
--- a/crypto/bn/bn_srp.c
+++ b/crypto/bn/bn_srp.c
--- a/crypto/bn/bn_word.c
+++ b/crypto/bn/bn_word.c
--- a/crypto/bn/bn_x931p.c
+++ b/crypto/bn/bn_x931p.c
--- a/crypto/bn/build.info
+++ b/crypto/bn/build.info
--- a/crypto/bn/rsaz_exp.c
+++ b/crypto/bn/rsaz_exp.c
--- a/crypto/bn/rsaz_exp.h
+++ b/crypto/bn/rsaz_exp.h
--- a/crypto/buffer/buf_err.c
+++ b/crypto/buffer/buf_err.c
--- a/crypto/buffer/buffer.c
+++ b/crypto/buffer/buffer.c
--- a/crypto/buffer/build.info
+++ b/crypto/buffer/build.info
--- a/crypto/build.info
+++ b/crypto/build.info
--- a/crypto/buildinf.h
+++ b/crypto/buildinf.h
--- a/crypto/c64xpluscpuid.pl
+++ b/crypto/c64xpluscpuid.pl
--- a/crypto/camellia/asm/cmll-x86.pl
+++ b/crypto/camellia/asm/cmll-x86.pl
--- a/crypto/camellia/asm/cmll-x86_64.pl
+++ b/crypto/camellia/asm/cmll-x86_64.pl
--- a/crypto/camellia/asm/cmllt4-sparcv9.pl
+++ b/crypto/camellia/asm/cmllt4-sparcv9.pl
--- a/crypto/camellia/build.info
+++ b/crypto/camellia/build.info
--- a/crypto/camellia/camellia.c
+++ b/crypto/camellia/camellia.c
--- a/crypto/camellia/cmll_cbc.c
+++ b/crypto/camellia/cmll_cbc.c
--- a/crypto/camellia/cmll_cfb.c
+++ b/crypto/camellia/cmll_cfb.c
--- a/crypto/camellia/cmll_ctr.c
+++ b/crypto/camellia/cmll_ctr.c
--- a/crypto/camellia/cmll_ecb.c
+++ b/crypto/camellia/cmll_ecb.c
--- a/crypto/camellia/cmll_local.h
+++ b/crypto/camellia/cmll_local.h
--- a/crypto/camellia/cmll_misc.c
+++ b/crypto/camellia/cmll_misc.c
--- a/crypto/camellia/cmll_ofb.c
+++ b/crypto/camellia/cmll_ofb.c
--- a/crypto/cast/asm/cast-586.pl
+++ b/crypto/cast/asm/cast-586.pl
--- a/crypto/cast/build.info
+++ b/crypto/cast/build.info
--- a/crypto/cast/c_cfb64.c
+++ b/crypto/cast/c_cfb64.c
--- a/crypto/cast/c_ecb.c
+++ b/crypto/cast/c_ecb.c
--- a/crypto/cast/c_enc.c
+++ b/crypto/cast/c_enc.c
--- a/crypto/cast/c_ofb64.c
+++ b/crypto/cast/c_ofb64.c
--- a/crypto/cast/c_skey.c
+++ b/crypto/cast/c_skey.c
--- a/crypto/cast/cast_local.h
+++ b/crypto/cast/cast_local.h
--- a/crypto/cast/cast_s.h
+++ b/crypto/cast/cast_s.h
--- a/crypto/chacha/asm/chacha-armv8.pl
+++ b/crypto/chacha/asm/chacha-armv8.pl
--- a/crypto/chacha/asm/chacha-x86.pl
+++ b/crypto/chacha/asm/chacha-x86.pl
--- a/crypto/chacha/asm/chacha-x86_64.pl
+++ b/crypto/chacha/asm/chacha-x86_64.pl
--- a/crypto/chacha/build.info
+++ b/crypto/chacha/build.info
--- a/crypto/chacha/chacha-armv4.S
+++ b/crypto/chacha/chacha-armv4.S
--- a/crypto/chacha/chacha-armv8.S
+++ b/crypto/chacha/chacha-armv8.S
--- a/crypto/chacha/chacha_enc.c
+++ b/crypto/chacha/chacha_enc.c
--- a/crypto/cmac/build.info
+++ b/crypto/cmac/build.info
--- a/crypto/cmac/cm_ameth.c
+++ b/crypto/cmac/cm_ameth.c
--- a/crypto/cmac/cm_pmeth.c
+++ b/crypto/cmac/cm_pmeth.c
--- a/crypto/cmac/cmac.c
+++ b/crypto/cmac/cmac.c
--- a/crypto/cms/build.info
+++ b/crypto/cms/build.info
--- a/crypto/cms/cms_asn1.c
+++ b/crypto/cms/cms_asn1.c
--- a/crypto/cms/cms_att.c
+++ b/crypto/cms/cms_att.c
--- a/crypto/cms/cms_cd.c
+++ b/crypto/cms/cms_cd.c
--- a/crypto/cms/cms_dd.c
+++ b/crypto/cms/cms_dd.c
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
--- a/crypto/cms/cms_err.c
+++ b/crypto/cms/cms_err.c
--- a/crypto/cms/cms_ess.c
+++ b/crypto/cms/cms_ess.c
--- a/crypto/cms/cms_io.c
+++ b/crypto/cms/cms_io.c
--- a/crypto/cms/cms_kari.c
+++ b/crypto/cms/cms_kari.c
--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
--- a/crypto/cms/cms_local.h
+++ b/crypto/cms/cms_local.h
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
--- a/crypto/comp/build.info
+++ b/crypto/comp/build.info
--- a/crypto/comp/c_zlib.c
+++ b/crypto/comp/c_zlib.c
--- a/crypto/comp/comp_err.c
+++ b/crypto/comp/comp_err.c
--- a/crypto/comp/comp_lib.c
+++ b/crypto/comp/comp_lib.c
--- a/crypto/comp/comp_local.h
+++ b/crypto/comp/comp_local.h
--- a/crypto/conf/build.info
+++ b/crypto/conf/build.info
--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
--- a/crypto/conf/conf_def.h
+++ b/crypto/conf/conf_def.h
--- a/crypto/conf/conf_err.c
+++ b/crypto/conf/conf_err.c
--- a/crypto/conf/conf_lib.c
+++ b/crypto/conf/conf_lib.c
--- a/crypto/conf/conf_local.h
+++ b/crypto/conf/conf_local.h
--- a/crypto/conf/conf_mall.c
+++ b/crypto/conf/conf_mall.c
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
--- a/crypto/conf/conf_sap.c
+++ b/crypto/conf/conf_sap.c
--- a/crypto/conf/conf_ssl.c
+++ b/crypto/conf/conf_ssl.c
--- a/crypto/conf/keysets.pl
+++ b/crypto/conf/keysets.pl
--- a/crypto/cpt_err.c
+++ b/crypto/cpt_err.c
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
--- a/crypto/ct/build.info
+++ b/crypto/ct/build.info
--- a/crypto/ct/ct_b64.c
+++ b/crypto/ct/ct_b64.c
--- a/crypto/ct/ct_err.c
+++ b/crypto/ct/ct_err.c
--- a/crypto/ct/ct_local.h
+++ b/crypto/ct/ct_local.h
--- a/crypto/ct/ct_log.c
+++ b/crypto/ct/ct_log.c
--- a/crypto/ct/ct_oct.c
+++ b/crypto/ct/ct_oct.c
--- a/crypto/ct/ct_policy.c
+++ b/crypto/ct/ct_policy.c
--- a/crypto/ct/ct_prn.c
+++ b/crypto/ct/ct_prn.c
--- a/crypto/ct/ct_sct.c
+++ b/crypto/ct/ct_sct.c
--- a/crypto/ct/ct_sct_ctx.c
+++ b/crypto/ct/ct_sct_ctx.c
--- a/crypto/ct/ct_vfy.c
+++ b/crypto/ct/ct_vfy.c
--- a/crypto/ct/ct_x509v3.c
+++ b/crypto/ct/ct_x509v3.c
--- a/crypto/ctype.c
+++ b/crypto/ctype.c
--- a/crypto/cversion.c
+++ b/crypto/cversion.c
--- a/crypto/des/asm/crypt586.pl
+++ b/crypto/des/asm/crypt586.pl
--- a/crypto/des/asm/des-586.pl
+++ b/crypto/des/asm/des-586.pl
--- a/crypto/des/asm/des_enc.m4
+++ b/crypto/des/asm/des_enc.m4
--- a/crypto/des/asm/desboth.pl
+++ b/crypto/des/asm/desboth.pl
--- a/crypto/des/asm/dest4-sparcv9.pl
+++ b/crypto/des/asm/dest4-sparcv9.pl
--- a/crypto/des/build.info
+++ b/crypto/des/build.info
--- a/crypto/des/cbc_cksm.c
+++ b/crypto/des/cbc_cksm.c
--- a/crypto/des/cbc_enc.c
+++ b/crypto/des/cbc_enc.c
--- a/crypto/des/cfb64ede.c
+++ b/crypto/des/cfb64ede.c
--- a/crypto/des/cfb64enc.c
+++ b/crypto/des/cfb64enc.c
--- a/crypto/des/cfb_enc.c
+++ b/crypto/des/cfb_enc.c
--- a/crypto/des/des_enc.c
+++ b/crypto/des/des_enc.c
--- a/crypto/des/des_local.h
+++ b/crypto/des/des_local.h
--- a/crypto/des/ecb3_enc.c
+++ b/crypto/des/ecb3_enc.c
--- a/crypto/des/ecb_enc.c
+++ b/crypto/des/ecb_enc.c
--- a/crypto/des/fcrypt.c
+++ b/crypto/des/fcrypt.c
--- a/crypto/des/fcrypt_b.c
+++ b/crypto/des/fcrypt_b.c
--- a/crypto/des/ncbc_enc.c
+++ b/crypto/des/ncbc_enc.c
--- a/crypto/des/ofb64ede.c
+++ b/crypto/des/ofb64ede.c
--- a/crypto/des/ofb64enc.c
+++ b/crypto/des/ofb64enc.c
--- a/crypto/des/ofb_enc.c
+++ b/crypto/des/ofb_enc.c
--- a/crypto/des/pcbc_enc.c
+++ b/crypto/des/pcbc_enc.c
--- a/crypto/des/qud_cksm.c
+++ b/crypto/des/qud_cksm.c
--- a/crypto/des/rand_key.c
+++ b/crypto/des/rand_key.c
--- a/crypto/des/set_key.c
+++ b/crypto/des/set_key.c
--- a/crypto/des/spr.h
+++ b/crypto/des/spr.h
--- a/crypto/des/str2key.c
+++ b/crypto/des/str2key.c
--- a/crypto/des/xcbc_enc.c
+++ b/crypto/des/xcbc_enc.c
--- a/crypto/dh/build.info
+++ b/crypto/dh/build.info
--- a/crypto/dh/dh1024.pem
+++ b/crypto/dh/dh1024.pem
--- a/crypto/dh/dh192.pem
+++ b/crypto/dh/dh192.pem
--- a/crypto/dh/dh2048.pem
+++ b/crypto/dh/dh2048.pem
--- a/crypto/dh/dh4096.pem
+++ b/crypto/dh/dh4096.pem
--- a/crypto/dh/dh512.pem
+++ b/crypto/dh/dh512.pem
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
--- a/crypto/dh/dh_asn1.c
+++ b/crypto/dh/dh_asn1.c
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
--- a/crypto/dh/dh_depr.c
+++ b/crypto/dh/dh_depr.c
--- a/crypto/dh/dh_err.c
+++ b/crypto/dh/dh_err.c
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
--- a/crypto/dh/dh_kdf.c
+++ b/crypto/dh/dh_kdf.c
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
--- a/crypto/dh/dh_local.h
+++ b/crypto/dh/dh_local.h
--- a/crypto/dh/dh_meth.c
+++ b/crypto/dh/dh_meth.c
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
--- a/crypto/dh/dh_prn.c
+++ b/crypto/dh/dh_prn.c
--- a/crypto/dh/dh_rfc5114.c
+++ b/crypto/dh/dh_rfc5114.c
--- a/crypto/dh/dh_rfc7919.c
+++ b/crypto/dh/dh_rfc7919.c
--- a/crypto/dllmain.c
+++ b/crypto/dllmain.c
--- a/crypto/dsa/build.info
+++ b/crypto/dsa/build.info
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
--- a/crypto/dsa/dsa_asn1.c
+++ b/crypto/dsa/dsa_asn1.c
--- a/crypto/dsa/dsa_depr.c
+++ b/crypto/dsa/dsa_depr.c
--- a/crypto/dsa/dsa_err.c
+++ b/crypto/dsa/dsa_err.c
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
--- a/crypto/dsa/dsa_local.h
+++ b/crypto/dsa/dsa_local.h
--- a/crypto/dsa/dsa_meth.c
+++ b/crypto/dsa/dsa_meth.c
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
--- a/crypto/dsa/dsa_pmeth.c
+++ b/crypto/dsa/dsa_pmeth.c
--- a/crypto/dsa/dsa_prn.c
+++ b/crypto/dsa/dsa_prn.c
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
--- a/crypto/dsa/dsa_vrf.c
+++ b/crypto/dsa/dsa_vrf.c
--- a/crypto/dso/build.info
+++ b/crypto/dso/build.info
--- a/crypto/dso/dso_dl.c
+++ b/crypto/dso/dso_dl.c
--- a/crypto/dso/dso_dlfcn.c
+++ b/crypto/dso/dso_dlfcn.c
--- a/crypto/dso/dso_err.c
+++ b/crypto/dso/dso_err.c
--- a/crypto/dso/dso_lib.c
+++ b/crypto/dso/dso_lib.c
--- a/crypto/dso/dso_local.h
+++ b/crypto/dso/dso_local.h
--- a/crypto/dso/dso_openssl.c
+++ b/crypto/dso/dso_openssl.c
--- a/crypto/dso/dso_vms.c
+++ b/crypto/dso/dso_vms.c
--- a/crypto/dso/dso_win32.c
+++ b/crypto/dso/dso_win32.c
--- a/crypto/ebcdic.c
+++ b/crypto/ebcdic.c
--- a/crypto/ec/asm/ecp_nistz256-armv4.pl
+++ b/crypto/ec/asm/ecp_nistz256-armv4.pl
--- a/crypto/ec/asm/ecp_nistz256-armv8.pl
+++ b/crypto/ec/asm/ecp_nistz256-armv8.pl
--- a/crypto/ec/asm/ecp_nistz256-avx2.pl
+++ b/crypto/ec/asm/ecp_nistz256-avx2.pl
--- a/crypto/ec/asm/ecp_nistz256-x86_64.pl
+++ b/crypto/ec/asm/ecp_nistz256-x86_64.pl
--- a/crypto/ec/asm/x25519-x86_64.pl
+++ b/crypto/ec/asm/x25519-x86_64.pl
--- a/crypto/ec/build.info
+++ b/crypto/ec/build.info
--- a/crypto/ec/curve25519.c
+++ b/crypto/ec/curve25519.c
--- a/crypto/ec/curve448/arch_32/arch_intrinsics.h
+++ b/crypto/ec/curve448/arch_32/arch_intrinsics.h
--- a/crypto/ec/curve448/arch_32/f_impl.c
+++ b/crypto/ec/curve448/arch_32/f_impl.c
--- a/crypto/ec/curve448/arch_32/f_impl.h
+++ b/crypto/ec/curve448/arch_32/f_impl.h
--- a/crypto/ec/curve448/curve448.c
+++ b/crypto/ec/curve448/curve448.c
--- a/crypto/ec/curve448/curve448_local.h
+++ b/crypto/ec/curve448/curve448_local.h
--- a/crypto/ec/curve448/curve448_tables.c
+++ b/crypto/ec/curve448/curve448_tables.c
--- a/crypto/ec/curve448/curve448utils.h
+++ b/crypto/ec/curve448/curve448utils.h
--- a/crypto/ec/curve448/ed448.h
+++ b/crypto/ec/curve448/ed448.h
--- a/crypto/ec/curve448/eddsa.c
+++ b/crypto/ec/curve448/eddsa.c
--- a/crypto/ec/curve448/f_generic.c
+++ b/crypto/ec/curve448/f_generic.c
--- a/crypto/ec/curve448/field.h
+++ b/crypto/ec/curve448/field.h
--- a/crypto/ec/curve448/point_448.h
+++ b/crypto/ec/curve448/point_448.h
--- a/crypto/ec/curve448/scalar.c
+++ b/crypto/ec/curve448/scalar.c
--- a/crypto/ec/curve448/word.h
+++ b/crypto/ec/curve448/word.h
--- a/crypto/ec/ec2_oct.c
+++ b/crypto/ec/ec2_oct.c
--- a/crypto/ec/ec2_smpl.c
+++ b/crypto/ec/ec2_smpl.c
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
--- a/crypto/ec/ec_check.c
+++ b/crypto/ec/ec_check.c
--- a/crypto/ec/ec_curve.c
+++ b/crypto/ec/ec_curve.c
--- a/crypto/ec/ec_cvt.c
+++ b/crypto/ec/ec_cvt.c
--- a/crypto/ec/ec_err.c
+++ b/crypto/ec/ec_err.c
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
--- a/crypto/ec/ec_kmeth.c
+++ b/crypto/ec/ec_kmeth.c
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
--- a/crypto/ec/ec_local.h
+++ b/crypto/ec/ec_local.h
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
--- a/crypto/ec/ec_oct.c
+++ b/crypto/ec/ec_oct.c
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
--- a/crypto/ec/ec_print.c
+++ b/crypto/ec/ec_print.c
--- a/crypto/ec/ecdh_kdf.c
+++ b/crypto/ec/ecdh_kdf.c
--- a/crypto/ec/ecdh_ossl.c
+++ b/crypto/ec/ecdh_ossl.c
--- a/crypto/ec/ecdsa_ossl.c
+++ b/crypto/ec/ecdsa_ossl.c
--- a/crypto/ec/ecdsa_sign.c
+++ b/crypto/ec/ecdsa_sign.c
--- a/crypto/ec/ecdsa_vrf.c
+++ b/crypto/ec/ecdsa_vrf.c
--- a/crypto/ec/eck_prn.c
+++ b/crypto/ec/eck_prn.c
--- a/crypto/ec/ecp_mont.c
+++ b/crypto/ec/ecp_mont.c
--- a/crypto/ec/ecp_nist.c
+++ b/crypto/ec/ecp_nist.c
--- a/crypto/ec/ecp_nistp224.c
+++ b/crypto/ec/ecp_nistp224.c
--- a/crypto/ec/ecp_nistp256.c
+++ b/crypto/ec/ecp_nistp256.c
--- a/crypto/ec/ecp_nistp521.c
+++ b/crypto/ec/ecp_nistp521.c
--- a/crypto/ec/ecp_nistputil.c
+++ b/crypto/ec/ecp_nistputil.c
--- a/crypto/ec/ecp_nistz256-armv4.S
+++ b/crypto/ec/ecp_nistz256-armv4.S
--- a/crypto/ec/ecp_nistz256-armv8.S
+++ b/crypto/ec/ecp_nistz256-armv8.S
--- a/crypto/ec/ecp_nistz256.c
+++ b/crypto/ec/ecp_nistz256.c
--- a/crypto/ec/ecp_nistz256_table.c
+++ b/crypto/ec/ecp_nistz256_table.c
--- a/crypto/ec/ecp_oct.c
+++ b/crypto/ec/ecp_oct.c
--- a/crypto/ec/ecp_smpl.c
+++ b/crypto/ec/ecp_smpl.c
--- a/crypto/ec/ecx_meth.c
+++ b/crypto/ec/ecx_meth.c
--- a/crypto/engine/README
+++ b/crypto/engine/README
--- a/crypto/engine/build.info
+++ b/crypto/engine/build.info
--- a/crypto/engine/eng_all.c
+++ b/crypto/engine/eng_all.c
--- a/crypto/engine/eng_cnf.c
+++ b/crypto/engine/eng_cnf.c
--- a/crypto/engine/eng_ctrl.c
+++ b/crypto/engine/eng_ctrl.c
--- a/crypto/engine/eng_devcrypto.c
+++ b/crypto/engine/eng_devcrypto.c
--- a/crypto/engine/eng_dyn.c
+++ b/crypto/engine/eng_dyn.c
--- a/crypto/engine/eng_err.c
+++ b/crypto/engine/eng_err.c
--- a/crypto/engine/eng_fat.c
+++ b/crypto/engine/eng_fat.c
--- a/crypto/engine/eng_init.c
+++ b/crypto/engine/eng_init.c
--- a/crypto/engine/eng_lib.c
+++ b/crypto/engine/eng_lib.c
--- a/crypto/engine/eng_list.c
+++ b/crypto/engine/eng_list.c
--- a/crypto/engine/eng_local.h
+++ b/crypto/engine/eng_local.h
--- a/crypto/engine/eng_openssl.c
+++ b/crypto/engine/eng_openssl.c
--- a/crypto/engine/eng_pkey.c
+++ b/crypto/engine/eng_pkey.c
--- a/crypto/engine/eng_rdrand.c
+++ b/crypto/engine/eng_rdrand.c
--- a/crypto/engine/eng_table.c
+++ b/crypto/engine/eng_table.c
--- a/crypto/engine/tb_asnmth.c
+++ b/crypto/engine/tb_asnmth.c
--- a/crypto/engine/tb_cipher.c
+++ b/crypto/engine/tb_cipher.c
--- a/crypto/engine/tb_dh.c
+++ b/crypto/engine/tb_dh.c
--- a/crypto/engine/tb_digest.c
+++ b/crypto/engine/tb_digest.c
--- a/crypto/engine/tb_dsa.c
+++ b/crypto/engine/tb_dsa.c
--- a/crypto/engine/tb_eckey.c
+++ b/crypto/engine/tb_eckey.c
--- a/crypto/engine/tb_pkmeth.c
+++ b/crypto/engine/tb_pkmeth.c
--- a/crypto/engine/tb_rand.c
+++ b/crypto/engine/tb_rand.c
--- a/crypto/engine/tb_rsa.c
+++ b/crypto/engine/tb_rsa.c
--- a/crypto/err/README
+++ b/crypto/err/README
--- a/crypto/err/build.info
+++ b/crypto/err/build.info
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
--- a/crypto/err/err_all.c
+++ b/crypto/err/err_all.c
--- a/crypto/err/err_prn.c
+++ b/crypto/err/err_prn.c
--- a/crypto/err/openssl.ec
+++ b/crypto/err/openssl.ec
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
--- a/crypto/evp/bio_b64.c
+++ b/crypto/evp/bio_b64.c
--- a/crypto/evp/bio_enc.c
+++ b/crypto/evp/bio_enc.c
--- a/crypto/evp/bio_md.c
+++ b/crypto/evp/bio_md.c
--- a/crypto/evp/bio_ok.c
+++ b/crypto/evp/bio_ok.c
--- a/crypto/evp/build.info
+++ b/crypto/evp/build.info
--- a/crypto/evp/c_allc.c
+++ b/crypto/evp/c_allc.c
--- a/crypto/evp/c_alld.c
+++ b/crypto/evp/c_alld.c
--- a/crypto/evp/cmeth_lib.c
+++ b/crypto/evp/cmeth_lib.c
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
--- a/crypto/evp/e_aria.c
+++ b/crypto/evp/e_aria.c
--- a/crypto/evp/e_bf.c
+++ b/crypto/evp/e_bf.c
--- a/crypto/evp/e_camellia.c
+++ b/crypto/evp/e_camellia.c
--- a/crypto/evp/e_cast.c
+++ b/crypto/evp/e_cast.c
--- a/crypto/evp/e_chacha20_poly1305.c
+++ b/crypto/evp/e_chacha20_poly1305.c
--- a/crypto/evp/e_des.c
+++ b/crypto/evp/e_des.c
--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
--- a/crypto/evp/e_idea.c
+++ b/crypto/evp/e_idea.c
--- a/crypto/evp/e_null.c
+++ b/crypto/evp/e_null.c
--- a/crypto/evp/e_old.c
+++ b/crypto/evp/e_old.c
--- a/crypto/evp/e_rc2.c
+++ b/crypto/evp/e_rc2.c
--- a/crypto/evp/e_rc4.c
+++ b/crypto/evp/e_rc4.c
--- a/crypto/evp/e_rc4_hmac_md5.c
+++ b/crypto/evp/e_rc4_hmac_md5.c
--- a/crypto/evp/e_rc5.c
+++ b/crypto/evp/e_rc5.c
--- a/crypto/evp/e_seed.c
+++ b/crypto/evp/e_seed.c
--- a/crypto/evp/e_sm4.c
+++ b/crypto/evp/e_sm4.c
--- a/crypto/evp/e_xcbc_d.c
+++ b/crypto/evp/e_xcbc_d.c
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
--- a/crypto/evp/evp_cnf.c
+++ b/crypto/evp/evp_cnf.c
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
--- a/crypto/evp/evp_key.c
+++ b/crypto/evp/evp_key.c
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
--- a/crypto/evp/evp_local.h
+++ b/crypto/evp/evp_local.h
--- a/crypto/evp/evp_pbe.c
+++ b/crypto/evp/evp_pbe.c
--- a/crypto/evp/evp_pkey.c
+++ b/crypto/evp/evp_pkey.c
--- a/crypto/evp/m_md2.c
+++ b/crypto/evp/m_md2.c
--- a/crypto/evp/m_md4.c
+++ b/crypto/evp/m_md4.c
--- a/crypto/evp/m_md5.c
+++ b/crypto/evp/m_md5.c
--- a/crypto/evp/m_md5_sha1.c
+++ b/crypto/evp/m_md5_sha1.c
--- a/crypto/evp/m_mdc2.c
+++ b/crypto/evp/m_mdc2.c
--- a/crypto/evp/m_null.c
+++ b/crypto/evp/m_null.c
--- a/crypto/evp/m_ripemd.c
+++ b/crypto/evp/m_ripemd.c
--- a/crypto/evp/m_sha1.c
+++ b/crypto/evp/m_sha1.c
--- a/crypto/evp/m_sha3.c
+++ b/crypto/evp/m_sha3.c
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
--- a/crypto/evp/m_wp.c
+++ b/crypto/evp/m_wp.c
--- a/crypto/evp/names.c
+++ b/crypto/evp/names.c
--- a/crypto/evp/p5_crpt.c
+++ b/crypto/evp/p5_crpt.c
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
--- a/crypto/evp/p_dec.c
+++ b/crypto/evp/p_dec.c
--- a/crypto/evp/p_enc.c
+++ b/crypto/evp/p_enc.c
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
--- a/crypto/evp/p_open.c
+++ b/crypto/evp/p_open.c
--- a/crypto/evp/p_seal.c
+++ b/crypto/evp/p_seal.c
--- a/crypto/evp/p_sign.c
+++ b/crypto/evp/p_sign.c
--- a/crypto/evp/p_verify.c
+++ b/crypto/evp/p_verify.c
--- a/crypto/evp/pbe_scrypt.c
+++ b/crypto/evp/pbe_scrypt.c
--- a/crypto/evp/pmeth_fn.c
+++ b/crypto/evp/pmeth_fn.c
--- a/crypto/evp/pmeth_gn.c
+++ b/crypto/evp/pmeth_gn.c
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
--- a/crypto/ex_data.c
+++ b/crypto/ex_data.c
--- a/crypto/getenv.c
+++ b/crypto/getenv.c
--- a/crypto/hmac/build.info
+++ b/crypto/hmac/build.info
--- a/crypto/hmac/hm_ameth.c
+++ b/crypto/hmac/hm_ameth.c
--- a/crypto/hmac/hm_pmeth.c
+++ b/crypto/hmac/hm_pmeth.c
--- a/crypto/hmac/hmac.c
+++ b/crypto/hmac/hmac.c
--- a/crypto/hmac/hmac_local.h
+++ b/crypto/hmac/hmac_local.h
--- a/crypto/ia64cpuid.S
+++ b/crypto/ia64cpuid.S
--- a/crypto/idea/build.info
+++ b/crypto/idea/build.info
--- a/crypto/idea/i_cbc.c
+++ b/crypto/idea/i_cbc.c
--- a/crypto/idea/i_cfb64.c
+++ b/crypto/idea/i_cfb64.c
--- a/crypto/idea/i_ecb.c
+++ b/crypto/idea/i_ecb.c
--- a/crypto/idea/i_ofb64.c
+++ b/crypto/idea/i_ofb64.c
--- a/crypto/idea/i_skey.c
+++ b/crypto/idea/i_skey.c
--- a/crypto/idea/idea_local.h
+++ b/crypto/idea/idea_local.h
--- a/crypto/init.c
+++ b/crypto/init.c
--- a/crypto/kdf/build.info
+++ b/crypto/kdf/build.info
--- a/crypto/kdf/hkdf.c
+++ b/crypto/kdf/hkdf.c
--- a/crypto/kdf/kdf_err.c
+++ b/crypto/kdf/kdf_err.c
--- a/crypto/kdf/scrypt.c
+++ b/crypto/kdf/scrypt.c
--- a/crypto/kdf/tls1_prf.c
+++ b/crypto/kdf/tls1_prf.c
--- a/crypto/lhash/build.info
+++ b/crypto/lhash/build.info
--- a/crypto/lhash/lh_stats.c
+++ b/crypto/lhash/lh_stats.c
--- a/crypto/lhash/lhash.c
+++ b/crypto/lhash/lhash.c
--- a/crypto/lhash/lhash_local.h
+++ b/crypto/lhash/lhash_local.h
--- a/crypto/md2/build.info
+++ b/crypto/md2/build.info
--- a/crypto/md2/md2_dgst.c
+++ b/crypto/md2/md2_dgst.c
--- a/crypto/md2/md2_one.c
+++ b/crypto/md2/md2_one.c
--- a/crypto/md4/build.info
+++ b/crypto/md4/build.info
--- a/crypto/md4/md4_dgst.c
+++ b/crypto/md4/md4_dgst.c
--- a/crypto/md4/md4_local.h
+++ b/crypto/md4/md4_local.h
--- a/crypto/md4/md4_one.c
+++ b/crypto/md4/md4_one.c
--- a/crypto/md5/asm/md5-586.pl
+++ b/crypto/md5/asm/md5-586.pl
--- a/crypto/md5/asm/md5-sparcv9.pl
+++ b/crypto/md5/asm/md5-sparcv9.pl
--- a/crypto/md5/build.info
+++ b/crypto/md5/build.info
--- a/crypto/md5/md5_dgst.c
+++ b/crypto/md5/md5_dgst.c
--- a/crypto/md5/md5_local.h
+++ b/crypto/md5/md5_local.h
--- a/crypto/md5/md5_one.c
+++ b/crypto/md5/md5_one.c
--- a/crypto/mdc2/build.info
+++ b/crypto/mdc2/build.info
--- a/crypto/mdc2/mdc2_one.c
+++ b/crypto/mdc2/mdc2_one.c
--- a/crypto/mdc2/mdc2dgst.c
+++ b/crypto/mdc2/mdc2dgst.c
--- a/crypto/mem.c
+++ b/crypto/mem.c
--- a/crypto/mem_clr.c
+++ b/crypto/mem_clr.c
--- a/crypto/mem_dbg.c
+++ b/crypto/mem_dbg.c
--- a/crypto/mem_sec.c
+++ b/crypto/mem_sec.c
--- a/crypto/mips_arch.h
+++ b/crypto/mips_arch.h
--- a/crypto/modes/asm/aesni-gcm-x86_64.pl
+++ b/crypto/modes/asm/aesni-gcm-x86_64.pl
--- a/crypto/modes/asm/arm32/ghash-armv4.S
+++ b/crypto/modes/asm/arm32/ghash-armv4.S
--- a/crypto/modes/asm/arm32/ghashv8-armx.S
+++ b/crypto/modes/asm/arm32/ghashv8-armx.S
--- a/crypto/modes/asm/arm64/ghashv8-armx.S
+++ b/crypto/modes/asm/arm64/ghashv8-armx.S
--- a/crypto/modes/asm/ghash-alpha.pl
+++ b/crypto/modes/asm/ghash-alpha.pl
--- a/crypto/modes/asm/ghash-armv4.pl
+++ b/crypto/modes/asm/ghash-armv4.pl
--- a/crypto/modes/asm/ghash-c64xplus.pl
+++ b/crypto/modes/asm/ghash-c64xplus.pl
--- a/crypto/modes/asm/ghash-parisc.pl
+++ b/crypto/modes/asm/ghash-parisc.pl
--- a/crypto/modes/asm/ghash-s390x.pl
+++ b/crypto/modes/asm/ghash-s390x.pl
--- a/crypto/modes/asm/ghash-sparcv9.pl
+++ b/crypto/modes/asm/ghash-sparcv9.pl
--- a/crypto/modes/asm/ghash-x86.pl
+++ b/crypto/modes/asm/ghash-x86.pl
--- a/crypto/modes/asm/ghash-x86_64.pl
+++ b/crypto/modes/asm/ghash-x86_64.pl
--- a/crypto/modes/asm/ghashv8-armx.pl
+++ b/crypto/modes/asm/ghashv8-armx.pl
--- a/crypto/modes/build.info
+++ b/crypto/modes/build.info
--- a/crypto/modes/cbc128.c
+++ b/crypto/modes/cbc128.c
--- a/crypto/modes/ccm128.c
+++ b/crypto/modes/ccm128.c
--- a/crypto/modes/cfb128.c
+++ b/crypto/modes/cfb128.c
--- a/crypto/modes/ctr128.c
+++ b/crypto/modes/ctr128.c
--- a/crypto/modes/cts128.c
+++ b/crypto/modes/cts128.c
--- a/crypto/modes/gcm128.c
+++ b/crypto/modes/gcm128.c
--- a/crypto/modes/modes_local.h
+++ b/crypto/modes/modes_local.h
--- a/crypto/modes/ocb128.c
+++ b/crypto/modes/ocb128.c
--- a/crypto/modes/ofb128.c
+++ b/crypto/modes/ofb128.c
--- a/crypto/modes/wrap128.c
+++ b/crypto/modes/wrap128.c
--- a/crypto/modes/xts128.c
+++ b/crypto/modes/xts128.c
--- a/crypto/o_dir.c
+++ b/crypto/o_dir.c
--- a/crypto/o_fips.c
+++ b/crypto/o_fips.c
--- a/crypto/o_fopen.c
+++ b/crypto/o_fopen.c
--- a/crypto/o_init.c
+++ b/crypto/o_init.c
--- a/crypto/o_str.c
+++ b/crypto/o_str.c
--- a/crypto/o_time.c
+++ b/crypto/o_time.c
--- a/crypto/objects/README
+++ b/crypto/objects/README
--- a/crypto/objects/build.info
+++ b/crypto/objects/build.info
--- a/crypto/objects/o_names.c
+++ b/crypto/objects/o_names.c
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
--- a/crypto/objects/obj_dat.pl
+++ b/crypto/objects/obj_dat.pl
--- a/crypto/objects/obj_err.c
+++ b/crypto/objects/obj_err.c
--- a/crypto/objects/obj_lib.c
+++ b/crypto/objects/obj_lib.c
--- a/crypto/objects/obj_local.h
+++ b/crypto/objects/obj_local.h
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
--- a/crypto/objects/obj_xref.c
+++ b/crypto/objects/obj_xref.c
--- a/crypto/objects/obj_xref.h
+++ b/crypto/objects/obj_xref.h
--- a/crypto/objects/obj_xref.txt
+++ b/crypto/objects/obj_xref.txt
--- a/crypto/objects/objects.pl
+++ b/crypto/objects/objects.pl
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
--- a/crypto/objects/objxref.pl
+++ b/crypto/objects/objxref.pl
--- a/crypto/ocsp/build.info
+++ b/crypto/ocsp/build.info
--- a/crypto/ocsp/ocsp_asn.c
+++ b/crypto/ocsp/ocsp_asn.c
--- a/crypto/ocsp/ocsp_cl.c
+++ b/crypto/ocsp/ocsp_cl.c
--- a/crypto/ocsp/ocsp_err.c
+++ b/crypto/ocsp/ocsp_err.c
--- a/crypto/ocsp/ocsp_ext.c
+++ b/crypto/ocsp/ocsp_ext.c
--- a/crypto/ocsp/ocsp_ht.c
+++ b/crypto/ocsp/ocsp_ht.c
--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
--- a/crypto/ocsp/ocsp_local.h
+++ b/crypto/ocsp/ocsp_local.h
--- a/crypto/ocsp/ocsp_prn.c
+++ b/crypto/ocsp/ocsp_prn.c
--- a/crypto/ocsp/ocsp_srv.c
+++ b/crypto/ocsp/ocsp_srv.c
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
--- a/crypto/ocsp/v3_ocsp.c
+++ b/crypto/ocsp/v3_ocsp.c
--- a/crypto/pariscid.pl
+++ b/crypto/pariscid.pl
--- a/crypto/pem/build.info
+++ b/crypto/pem/build.info
--- a/crypto/pem/pem_all.c
+++ b/crypto/pem/pem_all.c
--- a/crypto/pem/pem_err.c
+++ b/crypto/pem/pem_err.c
--- a/crypto/pem/pem_info.c
+++ b/crypto/pem/pem_info.c
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
--- a/crypto/pem/pem_oth.c
+++ b/crypto/pem/pem_oth.c
--- a/crypto/pem/pem_pk8.c
+++ b/crypto/pem/pem_pk8.c
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
--- a/crypto/pem/pem_sign.c
+++ b/crypto/pem/pem_sign.c
--- a/crypto/pem/pem_x509.c
+++ b/crypto/pem/pem_x509.c
--- a/crypto/pem/pem_xaux.c
+++ b/crypto/pem/pem_xaux.c
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
--- a/crypto/perlasm/README
+++ b/crypto/perlasm/README
--- a/crypto/perlasm/cbc.pl
+++ b/crypto/perlasm/cbc.pl
--- a/crypto/perlasm/sparcv9_modes.pl
+++ b/crypto/perlasm/sparcv9_modes.pl
--- a/crypto/perlasm/x86asm.pl
+++ b/crypto/perlasm/x86asm.pl
--- a/crypto/perlasm/x86gas.pl
+++ b/crypto/perlasm/x86gas.pl
--- a/crypto/perlasm/x86masm.pl
+++ b/crypto/perlasm/x86masm.pl
--- a/crypto/perlasm/x86nasm.pl
+++ b/crypto/perlasm/x86nasm.pl
--- a/crypto/pkcs12/build.info
+++ b/crypto/pkcs12/build.info
--- a/crypto/pkcs12/p12_add.c
+++ b/crypto/pkcs12/p12_add.c
--- a/crypto/pkcs12/p12_asn.c
+++ b/crypto/pkcs12/p12_asn.c
--- a/crypto/pkcs12/p12_attr.c
+++ b/crypto/pkcs12/p12_attr.c
--- a/crypto/pkcs12/p12_crpt.c
+++ b/crypto/pkcs12/p12_crpt.c
--- a/crypto/pkcs12/p12_crt.c
+++ b/crypto/pkcs12/p12_crt.c
--- a/crypto/pkcs12/p12_decr.c
+++ b/crypto/pkcs12/p12_decr.c
--- a/crypto/pkcs12/p12_init.c
+++ b/crypto/pkcs12/p12_init.c
--- a/crypto/pkcs12/p12_key.c
+++ b/crypto/pkcs12/p12_key.c
--- a/crypto/pkcs12/p12_kiss.c
+++ b/crypto/pkcs12/p12_kiss.c
--- a/crypto/pkcs12/p12_local.h
+++ b/crypto/pkcs12/p12_local.h
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
--- a/crypto/pkcs12/p12_npas.c
+++ b/crypto/pkcs12/p12_npas.c
--- a/crypto/pkcs12/p12_p8d.c
+++ b/crypto/pkcs12/p12_p8d.c
--- a/crypto/pkcs12/p12_p8e.c
+++ b/crypto/pkcs12/p12_p8e.c
--- a/crypto/pkcs12/p12_sbag.c
+++ b/crypto/pkcs12/p12_sbag.c
--- a/crypto/pkcs12/p12_utl.c
+++ b/crypto/pkcs12/p12_utl.c
--- a/crypto/pkcs12/pk12err.c
+++ b/crypto/pkcs12/pk12err.c
--- a/crypto/pkcs7/bio_pk7.c
+++ b/crypto/pkcs7/bio_pk7.c
--- a/crypto/pkcs7/build.info
+++ b/crypto/pkcs7/build.info
--- a/crypto/pkcs7/pk7_asn1.c
+++ b/crypto/pkcs7/pk7_asn1.c
--- a/crypto/pkcs7/pk7_attr.c
+++ b/crypto/pkcs7/pk7_attr.c
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
--- a/crypto/pkcs7/pk7_mime.c
+++ b/crypto/pkcs7/pk7_mime.c
--- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
--- a/crypto/pkcs7/pkcs7err.c
+++ b/crypto/pkcs7/pkcs7err.c
--- a/crypto/poly1305/asm/poly1305-armv4.pl
+++ b/crypto/poly1305/asm/poly1305-armv4.pl
--- a/crypto/poly1305/asm/poly1305-armv8.pl
+++ b/crypto/poly1305/asm/poly1305-armv8.pl
--- a/crypto/poly1305/asm/poly1305-x86.pl
+++ b/crypto/poly1305/asm/poly1305-x86.pl
--- a/crypto/poly1305/asm/poly1305-x86_64.pl
+++ b/crypto/poly1305/asm/poly1305-x86_64.pl
--- a/crypto/poly1305/build.info
+++ b/crypto/poly1305/build.info
--- a/crypto/poly1305/poly1305-armv4.S
+++ b/crypto/poly1305/poly1305-armv4.S
--- a/crypto/poly1305/poly1305-armv8.S
+++ b/crypto/poly1305/poly1305-armv8.S
--- a/crypto/poly1305/poly1305.c
+++ b/crypto/poly1305/poly1305.c
--- a/crypto/poly1305/poly1305_ameth.c
+++ b/crypto/poly1305/poly1305_ameth.c
--- a/crypto/poly1305/poly1305_base2_44.c
+++ b/crypto/poly1305/poly1305_base2_44.c
--- a/crypto/poly1305/poly1305_ieee754.c
+++ b/crypto/poly1305/poly1305_ieee754.c
--- a/crypto/poly1305/poly1305_local.h
+++ b/crypto/poly1305/poly1305_local.h
--- a/crypto/poly1305/poly1305_pmeth.c
+++ b/crypto/poly1305/poly1305_pmeth.c
--- a/crypto/ppc_arch.h
+++ b/crypto/ppc_arch.h
--- a/crypto/ppccap.c
+++ b/crypto/ppccap.c
--- a/crypto/rand/build.info
+++ b/crypto/rand/build.info
--- a/crypto/rand/drbg_ctr.c
+++ b/crypto/rand/drbg_ctr.c
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
--- a/crypto/rand/rand_egd.c
+++ b/crypto/rand/rand_egd.c
--- a/crypto/rand/rand_err.c
+++ b/crypto/rand/rand_err.c
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
--- a/crypto/rand/rand_local.h
+++ b/crypto/rand/rand_local.h
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
--- a/crypto/rand/rand_vms.c
+++ b/crypto/rand/rand_vms.c
--- a/crypto/rand/rand_win.c
+++ b/crypto/rand/rand_win.c
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
--- a/crypto/rc2/build.info
+++ b/crypto/rc2/build.info
--- a/crypto/rc2/rc2_cbc.c
+++ b/crypto/rc2/rc2_cbc.c
--- a/crypto/rc2/rc2_ecb.c
+++ b/crypto/rc2/rc2_ecb.c
--- a/crypto/rc2/rc2_local.h
+++ b/crypto/rc2/rc2_local.h
--- a/crypto/rc2/rc2_skey.c
+++ b/crypto/rc2/rc2_skey.c
--- a/crypto/rc2/rc2cfb64.c
+++ b/crypto/rc2/rc2cfb64.c
--- a/crypto/rc2/rc2ofb64.c
+++ b/crypto/rc2/rc2ofb64.c
--- a/crypto/rc4/asm/rc4-586.pl
+++ b/crypto/rc4/asm/rc4-586.pl
--- a/crypto/rc4/asm/rc4-c64xplus.pl
+++ b/crypto/rc4/asm/rc4-c64xplus.pl
--- a/crypto/rc4/asm/rc4-md5-x86_64.pl
+++ b/crypto/rc4/asm/rc4-md5-x86_64.pl
--- a/crypto/rc4/asm/rc4-parisc.pl
+++ b/crypto/rc4/asm/rc4-parisc.pl
--- a/crypto/rc4/asm/rc4-s390x.pl
+++ b/crypto/rc4/asm/rc4-s390x.pl
--- a/crypto/rc4/build.info
+++ b/crypto/rc4/build.info
--- a/crypto/rc4/rc4_enc.c
+++ b/crypto/rc4/rc4_enc.c
--- a/crypto/rc4/rc4_local.h
+++ b/crypto/rc4/rc4_local.h
--- a/crypto/rc4/rc4_skey.c
+++ b/crypto/rc4/rc4_skey.c
--- a/crypto/rc5/asm/rc5-586.pl
+++ b/crypto/rc5/asm/rc5-586.pl
--- a/crypto/rc5/build.info
+++ b/crypto/rc5/build.info
--- a/crypto/rc5/rc5_ecb.c
+++ b/crypto/rc5/rc5_ecb.c
--- a/crypto/rc5/rc5_enc.c
+++ b/crypto/rc5/rc5_enc.c
--- a/crypto/rc5/rc5_local.h
+++ b/crypto/rc5/rc5_local.h
--- a/crypto/rc5/rc5_skey.c
+++ b/crypto/rc5/rc5_skey.c
--- a/crypto/rc5/rc5cfb64.c
+++ b/crypto/rc5/rc5cfb64.c
--- a/crypto/rc5/rc5ofb64.c
+++ b/crypto/rc5/rc5ofb64.c
--- a/crypto/ripemd/asm/rmd-586.pl
+++ b/crypto/ripemd/asm/rmd-586.pl
--- a/crypto/ripemd/build.info
+++ b/crypto/ripemd/build.info
--- a/crypto/ripemd/rmd_dgst.c
+++ b/crypto/ripemd/rmd_dgst.c
--- a/crypto/ripemd/rmd_local.h
+++ b/crypto/ripemd/rmd_local.h
--- a/crypto/ripemd/rmd_one.c
+++ b/crypto/ripemd/rmd_one.c
--- a/crypto/ripemd/rmdconst.h
+++ b/crypto/ripemd/rmdconst.h
--- a/crypto/rsa/build.info
+++ b/crypto/rsa/build.info
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
--- a/crypto/rsa/rsa_asn1.c
+++ b/crypto/rsa/rsa_asn1.c
--- a/crypto/rsa/rsa_chk.c
+++ b/crypto/rsa/rsa_chk.c
--- a/crypto/rsa/rsa_crpt.c
+++ b/crypto/rsa/rsa_crpt.c
--- a/crypto/rsa/rsa_depr.c
+++ b/crypto/rsa/rsa_depr.c
--- a/crypto/rsa/rsa_err.c
+++ b/crypto/rsa/rsa_err.c
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
--- a/crypto/rsa/rsa_local.h
+++ b/crypto/rsa/rsa_local.h
--- a/crypto/rsa/rsa_meth.c
+++ b/crypto/rsa/rsa_meth.c
--- a/crypto/rsa/rsa_mp.c
+++ b/crypto/rsa/rsa_mp.c
--- a/crypto/rsa/rsa_none.c
+++ b/crypto/rsa/rsa_none.c
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
--- a/crypto/rsa/rsa_ossl.c
+++ b/crypto/rsa/rsa_ossl.c
--- a/crypto/rsa/rsa_pk1.c
+++ b/crypto/rsa/rsa_pk1.c
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
--- a/crypto/rsa/rsa_prn.c
+++ b/crypto/rsa/rsa_prn.c
--- a/crypto/rsa/rsa_pss.c
+++ b/crypto/rsa/rsa_pss.c
--- a/crypto/rsa/rsa_saos.c
+++ b/crypto/rsa/rsa_saos.c
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
--- a/crypto/rsa/rsa_ssl.c
+++ b/crypto/rsa/rsa_ssl.c
--- a/crypto/rsa/rsa_x931.c
+++ b/crypto/rsa/rsa_x931.c
--- a/crypto/rsa/rsa_x931g.c
+++ b/crypto/rsa/rsa_x931g.c
--- a/crypto/s390x_arch.h
+++ b/crypto/s390x_arch.h
--- a/crypto/s390xcap.c
+++ b/crypto/s390xcap.c
--- a/crypto/seed/build.info
+++ b/crypto/seed/build.info
--- a/crypto/seed/seed.c
+++ b/crypto/seed/seed.c
--- a/crypto/seed/seed_cbc.c
+++ b/crypto/seed/seed_cbc.c
--- a/crypto/seed/seed_cfb.c
+++ b/crypto/seed/seed_cfb.c
--- a/crypto/seed/seed_ecb.c
+++ b/crypto/seed/seed_ecb.c
--- a/crypto/seed/seed_local.h
+++ b/crypto/seed/seed_local.h
--- a/crypto/seed/seed_ofb.c
+++ b/crypto/seed/seed_ofb.c
--- a/crypto/sha/asm/sha1-586.pl
+++ b/crypto/sha/asm/sha1-586.pl
--- a/crypto/sha/asm/sha1-alpha.pl
+++ b/crypto/sha/asm/sha1-alpha.pl
--- a/crypto/sha/asm/sha1-armv4-large.pl
+++ b/crypto/sha/asm/sha1-armv4-large.pl
--- a/crypto/sha/asm/sha1-armv8.pl
+++ b/crypto/sha/asm/sha1-armv8.pl
--- a/crypto/sha/asm/sha1-c64xplus.pl
+++ b/crypto/sha/asm/sha1-c64xplus.pl
--- a/crypto/sha/asm/sha1-ia64.pl
+++ b/crypto/sha/asm/sha1-ia64.pl
--- a/crypto/sha/asm/sha1-mb-x86_64.pl
+++ b/crypto/sha/asm/sha1-mb-x86_64.pl
--- a/crypto/sha/asm/sha1-mips.pl
+++ b/crypto/sha/asm/sha1-mips.pl
--- a/crypto/sha/asm/sha1-parisc.pl
+++ b/crypto/sha/asm/sha1-parisc.pl
--- a/crypto/sha/asm/sha1-s390x.pl
+++ b/crypto/sha/asm/sha1-s390x.pl
--- a/crypto/sha/asm/sha1-sparcv9.pl
+++ b/crypto/sha/asm/sha1-sparcv9.pl
--- a/crypto/sha/asm/sha1-sparcv9a.pl
+++ b/crypto/sha/asm/sha1-sparcv9a.pl
--- a/crypto/sha/asm/sha1-thumb.pl
+++ b/crypto/sha/asm/sha1-thumb.pl
--- a/crypto/sha/asm/sha1-x86_64.pl
+++ b/crypto/sha/asm/sha1-x86_64.pl
--- a/crypto/sha/asm/sha256-586.pl
+++ b/crypto/sha/asm/sha256-586.pl
--- a/crypto/sha/asm/sha256-armv4.pl
+++ b/crypto/sha/asm/sha256-armv4.pl
--- a/crypto/sha/asm/sha256-c64xplus.pl
+++ b/crypto/sha/asm/sha256-c64xplus.pl
--- a/crypto/sha/asm/sha256-mb-x86_64.pl
+++ b/crypto/sha/asm/sha256-mb-x86_64.pl
--- a/crypto/sha/asm/sha512-586.pl
+++ b/crypto/sha/asm/sha512-586.pl
--- a/crypto/sha/asm/sha512-armv4.pl
+++ b/crypto/sha/asm/sha512-armv4.pl
--- a/crypto/sha/asm/sha512-armv8.pl
+++ b/crypto/sha/asm/sha512-armv8.pl
--- a/crypto/sha/asm/sha512-c64xplus.pl
+++ b/crypto/sha/asm/sha512-c64xplus.pl
--- a/crypto/sha/asm/sha512-mips.pl
+++ b/crypto/sha/asm/sha512-mips.pl
--- a/crypto/sha/asm/sha512-s390x.pl
+++ b/crypto/sha/asm/sha512-s390x.pl
--- a/crypto/sha/asm/sha512-sparcv9.pl
+++ b/crypto/sha/asm/sha512-sparcv9.pl
--- a/crypto/sha/asm/sha512-x86_64.pl
+++ b/crypto/sha/asm/sha512-x86_64.pl
--- a/crypto/sha/build.info
+++ b/crypto/sha/build.info
--- a/crypto/sha/keccak1600-armv4.S
+++ b/crypto/sha/keccak1600-armv4.S
--- a/crypto/sha/keccak1600-armv8.S
+++ b/crypto/sha/keccak1600-armv8.S
--- a/crypto/sha/keccak1600.c
+++ b/crypto/sha/keccak1600.c
--- a/crypto/sha/sha1-armv4-large.S
+++ b/crypto/sha/sha1-armv4-large.S
--- a/crypto/sha/sha1-armv8.S
+++ b/crypto/sha/sha1-armv8.S
--- a/crypto/sha/sha1_one.c
+++ b/crypto/sha/sha1_one.c
--- a/crypto/sha/sha1dgst.c
+++ b/crypto/sha/sha1dgst.c
--- a/crypto/sha/sha256-armv4.S
+++ b/crypto/sha/sha256-armv4.S
--- a/crypto/sha/sha256-armv8.S
+++ b/crypto/sha/sha256-armv8.S
--- a/crypto/sha/sha256.c
+++ b/crypto/sha/sha256.c
--- a/crypto/sha/sha512-armv4.S
+++ b/crypto/sha/sha512-armv4.S
--- a/crypto/sha/sha512-armv8.S
+++ b/crypto/sha/sha512-armv8.S
--- a/crypto/sha/sha512.c
+++ b/crypto/sha/sha512.c
--- a/crypto/sha/sha_local.h
+++ b/crypto/sha/sha_local.h
--- a/crypto/siphash/build.info
+++ b/crypto/siphash/build.info
--- a/crypto/siphash/siphash.c
+++ b/crypto/siphash/siphash.c
--- a/crypto/siphash/siphash_ameth.c
+++ b/crypto/siphash/siphash_ameth.c
--- a/crypto/siphash/siphash_local.h
+++ b/crypto/siphash/siphash_local.h
--- a/crypto/siphash/siphash_pmeth.c
+++ b/crypto/siphash/siphash_pmeth.c
--- a/crypto/sm2/build.info
+++ b/crypto/sm2/build.info
--- a/crypto/sm2/sm2_crypt.c
+++ b/crypto/sm2/sm2_crypt.c
--- a/crypto/sm2/sm2_err.c
+++ b/crypto/sm2/sm2_err.c
--- a/crypto/sm2/sm2_pmeth.c
+++ b/crypto/sm2/sm2_pmeth.c